stormkitty | JaffaCakes118_09a93bd29feea6b25159e5e164746ca9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_09a93bd29feea6b25159e5e164746ca9
Size

570KB
MD5

09a93bd29feea6b25159e5e164746ca9
SHA1

17f7fffc982a78aaaffb14f295088a03a4f13540
SHA256

50b9cf2c1eb6d95baedf2bdcc2366d0510ba78eea4b276331a4a639311612924
SHA512

2dd7b93a9a51bf6c97f0a77c3e2ab8320226bc24d6ae1682e4215e23ecfe6364b37f88356f1c115a7588a3a372ba2ac3509b427b909345cb819a5a1e8e153c69
SSDEEP

12288:M42NJ2iYSZLJLdvOSsnjS4csBrge6sf7:mYShhJLH4csTJz

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_09a93bd29feea6b25159e5e164746ca9

Files

JaffaCakes118_09a93bd29feea6b25159e5e164746ca9
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\DarkOracle\Royalty\Build\stub\RFS\obj\Debug\stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ