Overview

overview

10

Static

static

10

8bd6fcaf58...8a.exe

windows7-x64

10

8bd6fcaf58...8a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-12-2024 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8bd6fcaf589fc2aa0724dbee715075119547480ed155025a10da750e8f07dc8a.exe

  • Size

    320KB

  • MD5

    f71e90cbe5a122796864f70feba51a50

  • SHA1

    b63521622fbd176baddf513e2eb191f655880bca

  • SHA256

    8bd6fcaf589fc2aa0724dbee715075119547480ed155025a10da750e8f07dc8a

  • SHA512

    001e5b02b5f28b2e9d8cff0baedbd5c21aa6da19f41629037438d39dcfdb6b1322c50571cb7a8fade72ed284d411919a6db319120c1d127df8488de95f7fd12f

  • SSDEEP

    6144:Wm/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvJ:Wm/Q6P8j/svm1TXI5tZB

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 3 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bd6fcaf589fc2aa0724dbee715075119547480ed155025a10da750e8f07dc8a.exe
    "C:\Users\Admin\AppData\Local\Temp\8bd6fcaf589fc2aa0724dbee715075119547480ed155025a10da750e8f07dc8a.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:1200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\UTKBEBLO\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Desktop\CloseRestart.png
    Filesize

    375KB

    MD5

    3fc10059ad3293241a59b942b32bbf4f

    SHA1

    f20ccc5fdf43aa374d32f8ec2505633d7922ca6e

    SHA256

    a0096f0acd025a5de055976611215b0ec4a6103a0cc12387619151519f4327cc

    SHA512

    ad822c9b9c39e63ba856f6ac01c04c7e12154b434841c255ccaeb47babd72178b40afe1b5ba2cf68bfa86a1d3a33162ac1174cdc9977ca60a942af539f764f00

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Desktop\EditSwitch.jpeg
    Filesize

    266KB

    MD5

    be9fc20c07aef46f99423f17878ab6af

    SHA1

    9b4976fe5b9cb350d49b5b42880c7ed75dba533c

    SHA256

    3347e1356cc71e8a91aea315b200540201e972f1bdaa4c7dee27a1a7ac7f4819

    SHA512

    10a7d9c08c09c50d67ef347afb3d040611357395a1e3056400c236f86523f80ef74a97119214d7b3fe243b06b7b5ed850c63bd48c5245ed585683628051e5956

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Desktop\HideBackup.jpeg
    Filesize

    424KB

    MD5

    2d791af7f2b7ebb065fc05405281d97a

    SHA1

    6a5a0665e695e50328ff7c90a597e396a4bf9bde

    SHA256

    4e33e5d4aed8ab8ad271ac03169256e3ae73ee9794476faf2c24c686e70a12d6

    SHA512

    c80965781ece3d2991f97a1a127b0d41298e3a212144dd91a5773f2478a9364d49efff65798c5d86fe2c53d3f6faac999e58237c0bdbc633afac0726515ce084

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Desktop\LockConfirm.html
    Filesize

    351KB

    MD5

    dee010d2ce7c7d7aea4247e9bc586d2e

    SHA1

    b7dac94fda345d9c5f5c16a8f78cca3376004732

    SHA256

    d2f55f8f56d774d1d49500de709850faf6f2b40b039c953a7b628e356500d04d

    SHA512

    07a96e339066eb6189ed03a5c0ad24ca84e2e3748c9c24d499d2c2a243167a432ccf0454aa6002d43535d051f5a2e299ad2f89d784857c782002792b25092955

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Documents\PushInitialize.doc
    Filesize

    1.4MB

    MD5

    56e2815bb79406b0deb0c66f99d4ffe8

    SHA1

    c29e7f069fd8102bbc8e77d3b54f4543588ecfbf

    SHA256

    60442ccf62a25b0b1dd8a1d50c188a8ca6dd07162d004173117970bca249b38b

    SHA512

    bd0c47bdab646f5f268b1d05f7c82fe700ac1c509935a503a7f0737bbaa71c818e768f8e06ae8983cd47cfb4242523118f6850eba5d0c77eb71279199fb51a0e

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Downloads\CopyPop.doc
    Filesize

    979KB

    MD5

    d7325b364c3095ebde97f05ca3885bf4

    SHA1

    948626b239f708cae189782c5b0005442c93349a

    SHA256

    638420021154c06dc0b1d2c39065303836a7d6f6709201e11cb70bd8850460cf

    SHA512

    438f9d7087e59c99fb34ef42fe6b36f22c52115749ab01e9aad9672e7415532b928302f2361da68029dd81e5175a35578b6d2fbe94b4980348484d90d7ea1d9f

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Downloads\DebugLock.php
    Filesize

    931KB

    MD5

    8abcfe82a628b34c54763d200a533cd5

    SHA1

    10ef7d30160207d87156335274863a363ec4b0d7

    SHA256

    f1f0a521f85c2d5d68a0661ee50ac66037697924b05ad896012544e7b754bf2f

    SHA512

    180b10a6184bba43bace51e4908f1d5c7778366deaaba460ba928380014c7283625f1cc627ff39efca24eca913a1c1377bbe7fe316d59ccdc287cb95a5cb65cd

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Pictures\FindSwitch.jpg
    Filesize

    434KB

    MD5

    15cba42b16b1fbd7c76dce90210d539f

    SHA1

    a8e19e78b9f9f4b026bcf0c91b9a9760e1ea6e28

    SHA256

    f6b4d9cfdaec5e6eda5f8f0ad6e1bcb64f5d532b0403cc2f7988c2a6e80c76b2

    SHA512

    d747bb5b99a61f7698f194afbb01c2191dfacc3e5feda7a2235eef9bbb879acef6e703aad164c65916354432cfd59682e65e596b3b8544465a56c085f5259d4a

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Pictures\HideConvert.jpeg
    Filesize

    213KB

    MD5

    7f56f1bf1e8329b8201311c62d0ac332

    SHA1

    f620e63bf39e0788be2582470ad63dfb694a80ce

    SHA256

    0c5d2cda1f35da5e9b6dd62ce3cda7b7052ece00e6214f593bb2060ca5384568

    SHA512

    5d78e08aff75f3b89131eeae3ef510f0f2e306a147d1fdc372d2b3ebff135d214743dad7a6dbe4df037d86cab2a0dedc011f4559b27c12246f2860f3a171a825

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Pictures\PublishSet.bmp
    Filesize

    228KB

    MD5

    3ad0333d889133585f84e6ae0e31cd1c

    SHA1

    cc3126e740f267a7d6474a53f342d79ffb80aa99

    SHA256

    c069d4839bca0cbd1b9909f3cb4175d05410cc229cca16984d2a01d156dedd55

    SHA512

    16770ba93166fabd09c083c4fa2df94c6da6a95b806b23b9bd8714f358ff9f5f03baa6f4f27b8e455836b2895f32ba173f570d7293e039f20f119c854a3750b0

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\FileGrabber\Pictures\PushBackup.png
    Filesize

    449KB

    MD5

    0e83ccc043ba95f97cce79ef4ee7bf4f

    SHA1

    b90f388dc53bb39c9519998ef83c056c5765ca29

    SHA256

    63435570c91abf4601b1948470972c676985d27497ef103501e7ff40376eaee4

    SHA512

    60de7c1823bcf0b28f607a61b1929ca54b67ef9560f72eba39a880ea4eacdac7acd515b1405d196e049ed1d64d3d10ffc9f53acee819c32319249062cef26cb6

    Download Submit

  • C:\Users\Admin\AppData\Local\UTKBEBLO\Process.txt
    Filesize

    4KB

    MD5

    cb308bbb3c0dbdada470c115483fb03d

    SHA1

    a13dae2fdc58f5c8aa1e9730139bf2591165a1d2

    SHA256

    af0f10c45a4d5b5ee44207ec1b3a222f145ebdfded37ef8ee24351f2595161e6

    SHA512

    d876bc9412b7fbc77d6c4149de90ec959921ff9eb38127006ad6717bd06d7c98ab5c753e86875912a3dad5d16abfd03dcf5ac2579a70aa26b193a1885c5435c9

    Download Submit

  • memory/1200-31-0x0000000005FD0000-0x0000000006062000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1200-1-0x00000000002A0000-0x00000000002F6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1200-0-0x0000000074DDE000-0x0000000074DDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1200-2-0x0000000074DD0000-0x0000000075580000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1200-32-0x0000000006620000-0x0000000006BC4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1200-40-0x0000000006530000-0x0000000006596000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1200-234-0x0000000074DDE000-0x0000000074DDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1200-236-0x0000000074DD0000-0x0000000075580000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1200-262-0x0000000074DD0000-0x0000000075580000-memory.dmp

    Filesize

    7.7MB

    Download