stormkitty | 75eaf0cad1ec5a2d549238ad1dd05b1df911ba69dede4fcfd0aafa0aa01db8a0 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.6...at.zip

windows7-x64

7

XWorm V5.6...at.zip

windows10-2004-x64

Sharing

General

Target

XWorm V5.6 BypChat.zip
Size

106.6MB
Sample

241207-yafztsvmdj
MD5

bbddcd512fcb1bf4efdb11987c45d861
SHA1

9fcab4ae4f41f478e8b8eda82e19d7e37fffaf63
SHA256

75eaf0cad1ec5a2d549238ad1dd05b1df911ba69dede4fcfd0aafa0aa01db8a0
SHA512

8dcae5750daee9802eab794d82db0c8830a8772d9d9733a78d879481f9de3b634f410a75d83d17e2e956081fc7aa6f0d7611a33f715175dc1205a1be76341569
SSDEEP

3145728:aU6Yky/N+O5V6HToU3usY7N6pzeWlDgal:V7N+On6HbesgN6MY

Score

10^/10

stormkitty xworm rat stealer trojan

Static task

static1

stormkitty xworm

6 signatures

Behavioral task

behavioral1

Sample

XWorm V5.6 BypChat.zip

Resource

win7-20240903-en

windows7-x64

7 signatures

1800 seconds

Behavioral task

behavioral2

Sample

XWorm V5.6 BypChat.zip

Resource

win10v2004-20241007-en

stormkitty xworm rat stealer trojan

windows10-2004-x64

16 signatures

1800 seconds

Malware Config

Targets

- Target
  
  XWorm V5.6 BypChat.zip
- Size
  
  106.6MB
- MD5
  
  bbddcd512fcb1bf4efdb11987c45d861
- SHA1
  
  9fcab4ae4f41f478e8b8eda82e19d7e37fffaf63
- SHA256
  
  75eaf0cad1ec5a2d549238ad1dd05b1df911ba69dede4fcfd0aafa0aa01db8a0
- SHA512
  
  8dcae5750daee9802eab794d82db0c8830a8772d9d9733a78d879481f9de3b634f410a75d83d17e2e956081fc7aa6f0d7611a33f715175dc1205a1be76341569
- SSDEEP
  
  3145728:aU6Yky/N+O5V6HToU3usY7N6pzeWlDgal:V7N+On6HbesgN6MY
Score

10^/10

stormkitty xworm rat stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

behavioral2

stormkittyxwormratstealertrojan

© 2018-2024

Terms | Privacy