Overview

overview

10

Static

static

10

Find Walle...ck.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    309s
  • max time network
    313s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-01-2025 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Find Wallet v3.2-Crack.exe

  • Size

    3.5MB

  • MD5

    68f929dc1286bf7af65bf056845f9b42

  • SHA1

    1f1d9848811b3c00066f8be86035fda994ceedfd

  • SHA256

    0d20648267d3004ba95b04f9ef01f3f6e40644b46773990807c2741adbdd3d82

  • SHA512

    d2019f58239c44e8a0b2e92c04985943c998e32974b9a322fd3d925c13ec83b733520ddc06c15b2e43ab2587b1fbb4f799b6972f5f9b4069c5d7023cf720249a

  • SSDEEP

    24576:GfP8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tp:UP8j/MW+ise8IW4rF5ovXy6t7BQj1

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 2 IoCs
  • Stormkitty family
    stormkitty
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 4 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Users\Admin\AppData\Roaming\Client.exe
      "C:\Users\Admin\AppData\Roaming\Client.exe"
      2⤵
      • Executes dropped EXE
      • Accesses Microsoft Outlook profiles
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:4376
    • C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
      "C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Client.exe
    Filesize

    320KB

    MD5

    bc5da83795b587fb1dfce2d6bef2d176

    SHA1

    ccfd73ae06c12385a19f0cc836ac8a8bfda8c8d0

    SHA256

    d8539aec2e01d20b840f4c35ae675eca7f85de828282d03c4aabad6034cd8ffb

    SHA512

    503399a12376fd8036d2cc89cfb0652038e708dc9f098c55dfd19c04ff0646ffce31ecbfd84271ad2334058a2aa074bd53f96483d1fcb32bdacdc4a965957ff5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
    Filesize

    3.0MB

    MD5

    c309cb9865dfc6dbb7f977f4c0f722c0

    SHA1

    b3a7d7fbedfeb6edd951f4b5d9a28b2af44dbfe9

    SHA256

    51472e512316807270d85560bf6e3030355007c36a4f74d59a286411bb5378b5

    SHA512

    a70067011aa20c814d927e628e229800b0ea6918be755dae17d27edb5ea5072de595d115cd134a8d77ab87e323657b6a0a22e31dbf6a74278e07219e64960797

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Desktop\ExpandOut.docx
    Filesize

    155KB

    MD5

    2cc62cbbaede1c833b20da542feeb834

    SHA1

    53455bf48481f12a50819f93d6739c5a0863f98c

    SHA256

    9672e80ebe2cda2bc801f508eb721bb5af5fb7db5cd246500a8524b9aaf64d57

    SHA512

    24a7ec4edba95832604487c1a9024fd13379889fb1e6a7d7edbfa4f8d6412f29eb37dc37300b603f31b27d1166ac7e1cdd87ad0f7697f68daec9fe03fb020ae0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Documents\OpenDisable.xlsx
    Filesize

    427KB

    MD5

    54b0915241e73f4667237be204302af5

    SHA1

    6016f0f108885067b100252edc2e5c6508d19521

    SHA256

    3c42ff1a441c8b38ea98304139ddffce78548e4101a3244384b91887d97706ac

    SHA512

    4a491d53094739d5fa5a3181eea3291981784c42d2650befbf53f2afd5c2d590a48604dee7e97ada2a2e27e594f9da432d6ce87a7bfc60e7b51d5729f53ce752

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Documents\ResolveTest.html
    Filesize

    509KB

    MD5

    8d2a60fda995ba6762322b48ed6c55d8

    SHA1

    02e9c63abae793ef50beb07fd5a7458d7cd57eb7

    SHA256

    665758546807d9e9743f9d123a1a1f891a8e57aed37ca01cb06e578505043e2c

    SHA512

    fbd1ae3d3c45fadedbaee09eb7f3ca4fb3b5f4b77546bd4252fe259c11084e13e28a7cf8213f9af08d42f9c9c67509237e5f6b82dc025dbea0b492a0deff8780

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Documents\SearchLock.doc
    Filesize

    570KB

    MD5

    49f13cfedfb524bbd0f105f849a09d57

    SHA1

    d5c9b4fbf2a511adc25b07cfdc8bfd026c566a31

    SHA256

    c6b2074713021d766314bcb73b5c9a061dd55b13873a0ffa697e68e7f604d6fd

    SHA512

    d5536e950e8c07daf4296cc89041ef82bd0841b882394a369f084fb37cb092d5d6df025f359980fd9fec831224edb782994fb5b30538512f51f76b3dfac6c0eb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Downloads\ImportGrant.sql
    Filesize

    333KB

    MD5

    16f740a885f546d44f3ed54cfca41e5f

    SHA1

    497c7d4d7b41fee5e126c8d7c8143110a8ff672c

    SHA256

    e663d0dda4eab24a0c53e6236d68fb9731f2191e3ce08b642cd5680c264106f5

    SHA512

    c967548ad266d7412f028e2f8767444fbc81f023b75bd9eee4617a642744a6a4e2509fe66d27189104b3a612b9e8ecafa5218abe7403ba74c0664a01e26fad4c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Downloads\SendGet.css
    Filesize

    629KB

    MD5

    baa87a2773bae6340454f21a3640cbf8

    SHA1

    b0386a5a25e57134c3bb4451838d3126056c1864

    SHA256

    1f373da5f6c5b15561ac0ade4d9f659a1e383c4cfe3617420e952cdfcfd08644

    SHA512

    21c5f0dc7ea9e589c88a46910d4d08fdb3da7a5d01cd1ea8596e80b7a338f27de020fb4c32b39584c6fd36ffaba4707be617bfa8fbb79d5593e1b85cce8af9d6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Pictures\AssertDisconnect.svg
    Filesize

    204KB

    MD5

    50781053fe898ef84477f3d936f97476

    SHA1

    888c9279e175b2edfd10d5a39ddc70f3aa3787dc

    SHA256

    01975cd6cc9758265733265d802cd14d16ccf2cfbe1e1952a9e840cf264539b9

    SHA512

    6042ea0276887d003bb82138c344b586b10f59b668a6ae3e17a39f1c9edb1c92056403906c006366778635ef36f1c8582f6bc168f44b408360fa85189cd1f091

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Pictures\EnterInvoke.bmp
    Filesize

    232KB

    MD5

    8c14f2375ff8c8478baf32cf91016096

    SHA1

    9407c28c034d5bfe9daf72a1ba5c1d5ea8de8d76

    SHA256

    7c19949ea68196b880e3a8536d8b5b3a5464e6b5c42bfce089ef6b933748fa29

    SHA512

    90fa8762d80ec57d22b85e4d32cb4626644eb41e41e217b23966bf98713bba805b70865181f59bdd77a057c50a884144f5814473fbb41c0ad62bb67fc4115815

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Pictures\InitializeUndo.jpeg
    Filesize

    559KB

    MD5

    513ed8b59f1bd4a53327c632a2618681

    SHA1

    9783c310c920eb9e82ad5f46de6072f29828ea4c

    SHA256

    7cb25b0918e9dff78937c59ad495fbf1f9251dcb9ac940d281d52335cdbfe539

    SHA512

    8ef7eb07a854d197a7675ee056fbcd72642198d00eff0f95cc720a6ee2c9ff9d3ad72678e3a9868c7289e221a48eb375603d84f3769d7e692cc55d3a2f082152

    Download Submit

  • C:\Users\Admin\AppData\Roaming\OKUUPVQN\FileGrabber\Pictures\InvokeApprove.bmp
    Filesize

    464KB

    MD5

    094ca8114574df3eb44ad99a3d2987b5

    SHA1

    c17f7b7e2ed10f4b5b166593cfebf788f578c1da

    SHA256

    d69ee8098c9b270cd424c8366a7898e7c55813b3494291c30c38a5454eecb9bf

    SHA512

    12ebded670690087c0bfa3b187093ab72f9ee4cac367a72cdd3a30c1198468cb550e5718679da8c8eadc9ed6ccb009a85ae130a9ae0dace4ea11ad0954e99b9f

    Download Submit

  • memory/1084-0-0x0000000074A91000-0x0000000074A92000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1084-28-0x0000000074A90000-0x0000000075041000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1084-2-0x0000000074A90000-0x0000000075041000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1084-1-0x0000000074A90000-0x0000000075041000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2564-29-0x0000000000960000-0x0000000000C70000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2564-59-0x0000000071B90000-0x0000000072341000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2564-30-0x0000000071B90000-0x0000000072341000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2564-182-0x0000000071B90000-0x0000000072341000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2564-118-0x0000000071B90000-0x0000000072341000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2564-60-0x0000000008BA0000-0x0000000008BD8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2564-61-0x0000000008B70000-0x0000000008B7E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4376-97-0x0000000005760000-0x00000000057F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4376-98-0x0000000006980000-0x0000000006F26000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4376-100-0x0000000006750000-0x00000000067B6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4376-119-0x0000000071B9E000-0x0000000071B9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4376-31-0x0000000071B90000-0x0000000072341000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4376-157-0x0000000071B90000-0x0000000072341000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4376-27-0x0000000000650000-0x00000000006A6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4376-22-0x0000000071B9E000-0x0000000071B9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4376-311-0x0000000071B90000-0x0000000072341000-memory.dmp

    Filesize

    7.7MB

    Download