Overview

overview

10

Static

static

3

Spyroid Ra...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Spyroid Rat v8.5 Original Cracked.exe

  • Size

    55.7MB

  • Sample

    241215-vxe49sspbl

  • MD5

    f2a9d485cc841bbd44543973e3739c05

  • SHA1

    53235a653bfc5822693e9adfdea01e1164909df9

  • SHA256

    37fae2ac78281be79821e625ba969bcd0c11336c56e68b71b5fbb284e9f8fd60

  • SHA512

    4de26d0f38868934182e0ef1fc3270990a66eba2c6af340490f55e4bf7f04696f91f93f62457191031d468e34c0ec5f0ba4995df63275dbf77254b1a7d2be56d

  • SSDEEP

    786432:JrXC9Vqv1tRgvtgkG8iAl0dYyBGpjKElxsdo/AG9Lqxlwy+WpL15Q7HxJ1KP3u5C:JjC9VvtdG8iV6jKmqdo/ry+gXwIuqxZ

Score
10/10
stormkittycollectiondiscoverylateral_movementspywarestealer

Malware Config

Targets

    • Target

      Spyroid Rat v8.5 Original Cracked.exe

    • Size

      55.7MB

    • MD5

      f2a9d485cc841bbd44543973e3739c05

    • SHA1

      53235a653bfc5822693e9adfdea01e1164909df9

    • SHA256

      37fae2ac78281be79821e625ba969bcd0c11336c56e68b71b5fbb284e9f8fd60

    • SHA512

      4de26d0f38868934182e0ef1fc3270990a66eba2c6af340490f55e4bf7f04696f91f93f62457191031d468e34c0ec5f0ba4995df63275dbf77254b1a7d2be56d

    • SSDEEP

      786432:JrXC9Vqv1tRgvtgkG8iAl0dYyBGpjKElxsdo/AG9Lqxlwy+WpL15Q7HxJ1KP3u5C:JjC9VvtdG8iV6jKmqdo/ry+gXwIuqxZ

    Score
    10/10
    stormkittycollectiondiscoverylateral_movementspywarestealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Stormkitty family

      stormkitty

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Remote Service Session Hijacking: RDP Hijacking

      Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.

      lateral_movement

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks