stormkitty | 50b9cf2c1eb6d95baedf2bdcc2366d0510ba78eea4b276331a4a639311612924 | Triage

Sharing

General

Target

JaffaCakes118_09a93bd29feea6b25159e5e164746ca9
Size

570KB
Sample

241231-hqmvbazlfq
MD5

09a93bd29feea6b25159e5e164746ca9
SHA1

17f7fffc982a78aaaffb14f295088a03a4f13540
SHA256

50b9cf2c1eb6d95baedf2bdcc2366d0510ba78eea4b276331a4a639311612924
SHA512

2dd7b93a9a51bf6c97f0a77c3e2ab8320226bc24d6ae1682e4215e23ecfe6364b37f88356f1c115a7588a3a372ba2ac3509b427b909345cb819a5a1e8e153c69
SSDEEP

12288:M42NJ2iYSZLJLdvOSsnjS4csBrge6sf7:mYShhJLH4csTJz

Score

10^/10

stormkitty discovery persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  JaffaCakes118_09a93bd29feea6b25159e5e164746ca9
- Size
  
  570KB
- MD5
  
  09a93bd29feea6b25159e5e164746ca9
- SHA1
  
  17f7fffc982a78aaaffb14f295088a03a4f13540
- SHA256
  
  50b9cf2c1eb6d95baedf2bdcc2366d0510ba78eea4b276331a4a639311612924
- SHA512
  
  2dd7b93a9a51bf6c97f0a77c3e2ab8320226bc24d6ae1682e4215e23ecfe6364b37f88356f1c115a7588a3a372ba2ac3509b427b909345cb819a5a1e8e153c69
- SSDEEP
  
  12288:M42NJ2iYSZLJLdvOSsnjS4csBrge6sf7:mYShhJLH4csTJz
Score

10^/10

stormkitty discovery persistence privilege_escalation spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittydiscoverypersistenceprivilege_escalationspywarestealer

behavioral2

stormkittydiscoverypersistenceprivilege_escalationspywarestealer