stormkitty | d6d20f33d5b0928df1cdad670ab8f9fc1fd0f3558a6cd539b46b45fe954949ed | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.2.rar

windows10-2004-x64

Sharing

General

Target

XWorm V5.2.rar
Size

30.2MB
Sample

241231-2m7vvstjas
MD5

67a05621d5b9df04f7aa15359880ee0c
SHA1

2d420d00e5a6ddd50149e6594ad5a9131238fbcd
SHA256

d6d20f33d5b0928df1cdad670ab8f9fc1fd0f3558a6cd539b46b45fe954949ed
SHA512

48f61ca4b7a3d94630f94660e8cec8fe8f4e881063500d7e0618fe2aa799138c1d0c34c2a2d973a13980fef2c7d14f94e1c47cbe5ec966715d24acc979d1f785
SSDEEP

786432:AyEdI35cJuWL9qeVCp3K7cLpeEJfi2I7auNJuaaJxyXzmM:AI35crZlVCphFrfi37HPnjmM

Score

10^/10

stormkitty xworm agilenet evasion rat stealer trojan

Static task

static1

agilenet stormkitty

5 signatures

Behavioral task

behavioral1

Sample

XWorm V5.2.rar

Resource

win10v2004-20241007-en

stormkitty xworm agilenet evasion rat stealer trojan

windows10-2004-x64

23 signatures

600 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

tMXK9LS2nH2o6bKH

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm V5.2.rar
- Size
  
  30.2MB
- MD5
  
  67a05621d5b9df04f7aa15359880ee0c
- SHA1
  
  2d420d00e5a6ddd50149e6594ad5a9131238fbcd
- SHA256
  
  d6d20f33d5b0928df1cdad670ab8f9fc1fd0f3558a6cd539b46b45fe954949ed
- SHA512
  
  48f61ca4b7a3d94630f94660e8cec8fe8f4e881063500d7e0618fe2aa799138c1d0c34c2a2d973a13980fef2c7d14f94e1c47cbe5ec966715d24acc979d1f785
- SSDEEP
  
  786432:AyEdI35cJuWL9qeVCp3K7cLpeEJfi2I7auNJuaaJxyXzmM:AI35crZlVCphFrfi37HPnjmM
Score

10^/10

stormkitty xworm agilenet evasion rat stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

agilenetstormkitty

behavioral1

stormkittyxwormagilenetevasionratstealertrojan

© 2018-2025

Terms | Privacy