stormkitty | 4cc278ee6bcb828bf809f398e58e023099a02f7fe372d0d0a6632952b4093b4e | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-ltsc 2021-x64

Resubmissions

18-12-2024 07:37

241218-jf8vga1lel 10

18-12-2024 07:34

241218-jd6bka1kgm 10

Sharing

General

Target

XClient.exe
Size

49KB
Sample

241218-jd6bka1kgm
MD5

89bc15122f16df2eb618add250990ad0
SHA1

47e459aa4ed8a83a84a4912db8a1dc61fb8a6375
SHA256

4cc278ee6bcb828bf809f398e58e023099a02f7fe372d0d0a6632952b4093b4e
SHA512

4d465eeffb4cc1f886614e35b2075a97d604fd131acba2119ff0c7c5c43e9ba90006f67334195f7c415c888b3ef8441e13e3b4890968c8d547258e2e51d5cbfb
SSDEEP

768:+WFNI2RdYFIOoUHEdc8e6akgkb1gndeaet/OtsXhMHN50w:+87nYercEdclHkb1gncFO8eH70w

Score

10^/10

stormkitty xworm discovery execution rat spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10ltsc2021-20241211-en

stormkitty xworm discovery execution rat spyware stealer trojan

windows10-ltsc 2021-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/hMSQvtUM

Targets

- Target
  
  XClient.exe
- Size
  
  49KB
- MD5
  
  89bc15122f16df2eb618add250990ad0
- SHA1
  
  47e459aa4ed8a83a84a4912db8a1dc61fb8a6375
- SHA256
  
  4cc278ee6bcb828bf809f398e58e023099a02f7fe372d0d0a6632952b4093b4e
- SHA512
  
  4d465eeffb4cc1f886614e35b2075a97d604fd131acba2119ff0c7c5c43e9ba90006f67334195f7c415c888b3ef8441e13e3b4890968c8d547258e2e51d5cbfb
- SSDEEP
  
  768:+WFNI2RdYFIOoUHEdc8e6akgkb1gndeaet/OtsXhMHN50w:+87nYercEdclHkb1gncFO8eH70w
Score

10^/10

stormkitty xworm discovery execution rat spyware stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittyxwormdiscoveryexecutionratspywarestealertrojan

© 2018-2024

Terms | Privacy