stormkitty

General

Target

XWorm v5.6.zip
Size

20.2MB
Sample

241229-ae6t2swndj
MD5

b525c43344ffff1069adacc7a287bdfe
SHA1

a8cf528c12c1a4d4e2601ba2c301ced2bb220175
SHA256

12c44fdb866e2d85ec1cabbe3191a823ec5bf07098439fec51c3029f945f63e5
SHA512

14f1a49bbdb657d251c82877f160a7d46a28f13fd098be09733ee3210735975f9abbd348e07d8de01761d417eb1b1ce073a63913a995f791c3683120cd7ea591
SSDEEP

393216:Q9ykF90ZtDWvhYlHgYBPgBF2vFxKu3CZLv+4QBDOCNMkMW:Q9b9e5Wvil77v2u3CbQTNMkMW

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

BXi3DoGqMIr1tAUe

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

install_file
USB.exe

Targets

- Target
  
  XWorm v5.6.zip
- Size
  
  20.2MB
- MD5
  
  b525c43344ffff1069adacc7a287bdfe
- SHA1
  
  a8cf528c12c1a4d4e2601ba2c301ced2bb220175
- SHA256
  
  12c44fdb866e2d85ec1cabbe3191a823ec5bf07098439fec51c3029f945f63e5
- SHA512
  
  14f1a49bbdb657d251c82877f160a7d46a28f13fd098be09733ee3210735975f9abbd348e07d8de01761d417eb1b1ce073a63913a995f791c3683120cd7ea591
- SSDEEP
  
  393216:Q9ykF90ZtDWvhYlHgYBPgBF2vFxKu3CZLv+4QBDOCNMkMW:Q9b9e5Wvil77v2u3CbQTNMkMW
Score

10^/10

stormkitty xworm rat stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Contains code to disable Windows Defender

Detect Xworm Payload

StormKitty payload

Stormkitty family

Xworm

Xworm family

Executes dropped EXE

Uses the VBS compiler for execution

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2