Overview

overview

10

Static

static

10

3d5021b656...77.exe

windows7-x64

10

3d5021b656...77.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2024 14:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d5021b656dcb39863d39430a4eddb5d6eb0e177.exe

  • Size

    320KB

  • MD5

    1b8dac31eb30bd909fadcd9738c832ca

  • SHA1

    3d5021b656dcb39863d39430a4eddb5d6eb0e177

  • SHA256

    80f34efce3765a4e57c2f333981112bff3788633bd515fa48b6eb16b88113660

  • SHA512

    25b02e6ae62add0a550b6c6cf3b1506177012ff94d885f0773fe5a7554d1fee1c96c3f286d6728eae31249eacbfc26d4869633145ba48ff3e6cef54ae8a9e54a

  • SSDEEP

    6144:3m/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvv:3m/Q6P8j/svm1TXI5tZB

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 3 IoCs
  • Looks up external IP address via web service 7 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d5021b656dcb39863d39430a4eddb5d6eb0e177.exe
    "C:\Users\Admin\AppData\Local\Temp\3d5021b656dcb39863d39430a4eddb5d6eb0e177.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Desktop\CheckpointMerge.xlsx
    Filesize

    13KB

    MD5

    571f79c22c24ac02c7ef5a2191af5823

    SHA1

    36a9685b02fceeb00d11f01ae5d51ee10e66db88

    SHA256

    2fa8f40deeb6a23ad77b533755690e70014efad7675528450a72feb2036d9c2c

    SHA512

    31681631648edf1f08c289f960bdb562506d13988638d90a17c8b07d51758fa0f57e4ad04157762281f22b3a8a4281f5836ba36041a4d54974593e8d53555dc1

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Desktop\GrantJoin.jpeg
    Filesize

    459KB

    MD5

    422685d445860a8e5433cc22031550ff

    SHA1

    19a042f140ca40ecd456e56bdc8574c1d5303ea4

    SHA256

    41eebe46f479b62da195e4ab6263e0fb966186432417d81ed38deddf2b394a8c

    SHA512

    152217f9680738556bc7cb68191183ae928e815625b8dc26c0732fa38fbe4ae4ff071eadf3e284eaa0f841d6ab522f0045b174ee2fc8166b1214a2fb79ad0e87

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Documents\ApproveSend.rtf
    Filesize

    860KB

    MD5

    3ea7e46dd187868cc6a82f21955c3610

    SHA1

    7dd32f206163e72ea77a850fc7ac1762d9b05b90

    SHA256

    7e1de484d3470f245d42aab6232fbaeae2b9beb1335c23a746626ce609e39c51

    SHA512

    aba3306d8af0e86fb8dd0e49647c759aae31e04ae15e13c64399861691e86835334b018c7fe85ef932ddb582bf9dbac8d278189f9164c6365436c5fefe9f50f9

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Documents\CopyExit.pdf
    Filesize

    923KB

    MD5

    4151d15fdb06b5cfe3dd574f6aa8da5b

    SHA1

    0f0051f64d78b84ab21ed8b9d2963817f40cb030

    SHA256

    c9cea117a260d665b3028dc907cfed9988fbb235886d2ad0962d24a536c42d99

    SHA512

    ddc61ecde4f5005aed3c4d10684de4ba4dab0b50e3fbf997e45fe48b9c385c32b73b077ec9021c2589948883586a12b706e4400b4133c8f7af2f7c327dd0272e

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Downloads\ExportImport.html
    Filesize

    874KB

    MD5

    f6b406e922e017ae772d40c81351c036

    SHA1

    d11fb1b7188b4e59084ed14774661d1514a7ea00

    SHA256

    620116f01f43f191bf20e81b197574369800b9202a3147e1f0a1f4f8c6364379

    SHA512

    a51ac3b4886a527187eb75a9f28d27bd819b468e933ac5f2e3f3ec8572633abd6328aa7d4d286aa5094fb31296bcb11af822ea9bfd13d983588e650ca7ba9c03

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Downloads\HideDeny.css
    Filesize

    837KB

    MD5

    3a7a2e902db654040ba666800d83b874

    SHA1

    f3c592455427ce7e683105a1a8bdf39bec8caba2

    SHA256

    d0b8eeb17f6d5b275694c9d2b27cd8cb2e940c59bd44a8edfc1df9dfbf47264f

    SHA512

    5ae58b60b61ba11681415c9d151dc1888a48bad7a54cfb76ad9fe767ea40d0f7b55728001c3e7ffa99a8a738b288bec3b00d504e53d844791dcdfacb27c36419

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Pictures\DenyFind.png
    Filesize

    131KB

    MD5

    4e889485d8949b339511c0de6fea08e4

    SHA1

    f55e6ac3f8d4bf29d1ba0f7c8cbe68c5a0f3c132

    SHA256

    faaba7d47c5f004e39c8135ec7a0c66954909004ed534555641bafbbbb1889dc

    SHA512

    64a2482b74e15aed1f94b2d8417365a1b787b5b7cff195a3b8741a8c0131dfe6e544011b99a3e630eb6217345c93e0a0e384dd2b08d3304472da231ebe2ee67f

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Pictures\RenameConvertTo.png
    Filesize

    184KB

    MD5

    960e319b21d1c76f1afaac9dbed19a76

    SHA1

    83579a4bea7ff40128d1abdcb6e81f6f3d19d41c

    SHA256

    834fbffdb3c217686808824223a936e2ec3cbab2015e01d2b674d764f977a6a8

    SHA512

    820257a807be672b9e87db76e5ea82047348504e6e95aad88df36ec9f30e2d8231bec4dcd97bf20d1fb076eea4418adc6a36f5df8557c17929dc7a9bbf3eca31

    Download Submit

  • C:\Users\Admin\AppData\Local\UPNECVIU\FileGrabber\Pictures\SuspendSwitch.png
    Filesize

    379KB

    MD5

    ad8a556216b464c7bbe6c8d16674febb

    SHA1

    dd6f91a78afd9c1cc64fde1e73b578e8659316ae

    SHA256

    e8f7d7e275111ea984fa5311807dff5885ca20502a0be15260cdb15e1fba98fc

    SHA512

    a0596113680818157d888164fd68df58bcf862d15862cfa62e4d4b904f23ea1188f273c00e999b1035f0d53947bed4df87e230532c6f79998aad8be92ec2930f

    Download Submit

  • memory/2152-2-0x0000000074330000-0x0000000074A1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2152-1-0x0000000000EC0000-0x0000000000F16000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2152-0-0x000000007433E000-0x000000007433F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2152-165-0x000000007433E000-0x000000007433F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2152-166-0x0000000074330000-0x0000000074A1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2152-192-0x0000000074330000-0x0000000074A1E000-memory.dmp

    Filesize

    6.9MB

    Download