General
-
Target
Numify v5.2.2.zip
-
Size
4.8MB
-
Sample
241222-sxcm2aspdp
-
MD5
ac23213dc530dee8babc813007c31435
-
SHA1
8a57fee35518882f9bcb3981b6a85762ef5251e8
-
SHA256
04b991d3f612f407f35e5808285ea66e2948d56ce0f2208bab13510720a154e0
-
SHA512
6c9fc6f20a40de8146b188d1ac65d5204ea7b4679bfa4e6f8217a35a71b5f040f01d7618034df9ed76f04099ec024c5d10154f2ae1384117cf1c21c12dc315ca
-
SSDEEP
98304:Pblg/9/1hlEldT3HMnWangwvSE4HN07eMmpgsjSs7MKfnNPSYKovM:P5g/t1rEHT3sn5gw6DeTmpXShKfn9LvM
Malware Config
Targets
-
-
Target
Numify v5.2.2.zip
-
Size
4.8MB
-
MD5
ac23213dc530dee8babc813007c31435
-
SHA1
8a57fee35518882f9bcb3981b6a85762ef5251e8
-
SHA256
04b991d3f612f407f35e5808285ea66e2948d56ce0f2208bab13510720a154e0
-
SHA512
6c9fc6f20a40de8146b188d1ac65d5204ea7b4679bfa4e6f8217a35a71b5f040f01d7618034df9ed76f04099ec024c5d10154f2ae1384117cf1c21c12dc315ca
-
SSDEEP
98304:Pblg/9/1hlEldT3HMnWangwvSE4HN07eMmpgsjSs7MKfnNPSYKovM:P5g/t1rEHT3sn5gw6DeTmpXShKfn9LvM
Score10/10-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Stormkitty family
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1