General

  • Target

    JaffaCakes118_ced708f928aa491a32b37ec480e183e4

  • Size

    1.7MB

  • Sample

    250109-wwd19aypdj

  • MD5

    ced708f928aa491a32b37ec480e183e4

  • SHA1

    1a46894c58d11c280ed030b95ac718212e981de2

  • SHA256

    b24c714a278ed88180aaace10ef9ff8827e7303442bf78da57e452bc00e4fe52

  • SHA512

    f36ed37c604e696307a2a4614697cf0e8f770f3062eba4819bc4e70ecf4f78d096f96cee5e744329c6e7d61b65ecc0bf88716a1e7d864824f620f1084ca1f5d2

  • SSDEEP

    49152:IohZwvj2SxBlC35eBTr6e3irsu2YArYKVxjb:Avj2E4J2Tr6e3iwu2b0Kv

Score
10/10

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks