stormkitty

Sharing

Copy URL

Twitter E-mail

General

Target

hmc hotmail.rar
Size

151.6MB
Sample

250117-yy5m4aslcn
MD5

772a89cd69705127509561ab31f7bc71
SHA1

420ad04563b60fffa09dfcfbc7d71b569368d184
SHA256

9e25c89846782ebffd2814e14b232447b20df9105cdfbc5a662c721360f0c7cd
SHA512

3acebbac106c422335f69e0736f39362deeb27ff38ebfc75ddb3b1f8d520b78b774cd7d5b34c572ddffae0d590f58687f6888f07099fc9b0f11a817584fe2fae
SSDEEP

3145728:/8jJRp/YRMb4d+x0DqKJBcJQcjsem2TkoFAlWw2SNQpHgqAkj8n:Ojrs+Bxj02BFA4w32dAkjK

Score

10^/10

Malware Config

Targets

- Target
  
  hmc hotmail.4/H/DotNetZip.dll
- Size
  
  462KB
- MD5
  
  8812d06dc764289aad64c5af59b31fce
- SHA1
  
  8a8d61d7a4144a536c372ff3b2721f9f82e848b3
- SHA256
  
  c89a345f82b721194a3d511415eb38f8390d224725574c242dd24349814055b2
- SHA512
  
  f46671ae4e8c62b39f34f83f4e8be2bc97d10f5f23d1328acfe3951c3c96277898ef249ee91353613e43578f4f3224aab6609c4fda966666d62db46a0e6b4882
- SSDEEP
  
  6144:BF4lenKdxBoW6iev7zBIL09vdGtSV41kJDsTDDpBnse6OVxLV/xQaqYN3fmxalo:BF4lqKdxBdheDES4csRBse6sfDVca
Score

1^/10
behavioral1 behavioral2
- Target
  
  hmc hotmail.4/H/HandyControl.dll
- Size
  
  1.7MB
- MD5
  
  1ffa7237d695541158de09ef6a3fe74f
- SHA1
  
  d46c42d47302bec68b0f42969f7b1bb4a9504d2f
- SHA256
  
  9569eda5c0af677733b29fd3247d48651a5604f21e8aa03ad0fe3508d9609ba0
- SHA512
  
  176bd9478ec75cbe4f26ecfbc0717bdaa69148c5b38a8b14b9ea8477505ec56b982350c07acebe0aae9235dc313b0b64391737d9442ee397546eb3aceeeeb305
- SSDEEP
  
  24576:Ewr+FdUo+3uuobzeXEF7qpILuLUiOBqiIiGiXiIi6ioIP7cTq2X6s8uUpWGGvAdN:E1+3ubbzapdMvU0GcH
Score

1^/10
behavioral3 behavioral4
- Target
  
  hmc hotmail.4/H/MailBee.NET.dll
- Size
  
  1.7MB
- MD5
  
  6dde77d756621d00016945736760f717
- SHA1
  
  7094f0dea1b4c4bfd7f840b63b704dfc9bdd079f
- SHA256
  
  81632ee251474cb656dce412181e9f68f426ba20f3a0c4120c868a0cf05cd6d0
- SHA512
  
  e3389201e9d198be6304b79559d9d5d457cb33c74b441afb7ecafe4aaafb3cb0d583cd4ab8a5eb6045cd934d2c2a4007f6d1474beb5584585fcaae0060f4b813
- SSDEEP
  
  24576:sDMgcE4ilhMM9XBav0OvQRk/9P7miD6MaP7N:sDMgcWfMM9XBQ0OvRmiW17
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  hmc hotmail.4/H/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  99f75ea1a4a5a0206d4be30827ca87bc
- SHA1
  
  73e6aba5d4a8be5eb82eca5b5faa2594fbae3bde
- SHA256
  
  99592e8b144529d5e0acc40028758643ae475bcacdeb5288c1a1a3c0502e0453
- SHA512
  
  c3e64c3556f58b171ac6528a448fe44f22946177580cf29b01115783e7cba0037517b40e4a32c948da623cb447038eb713f9cd0617f27f7a5873488b297b4fe3
- SSDEEP
  
  12288:gLnRIXzZu/3yNFCU8xF6xc8yNRaVjI3QMDajj1HiiiR8MJhBB0ihT1fWNUwHOvWQ:AnR0Q/3yN4U0WtCMBCj0u
Score

1^/10
behavioral7 behavioral8
- Target
  
  hmc hotmail.4/H/System.Data.SQLite.dll
- Size
  
  392KB
- MD5
  
  147328def2e79a86d7335a661eecc051
- SHA1
  
  98ff30131d77cf28807d50b97cc92cc8655e235c
- SHA256
  
  7442d48a24c1747cb17d80e95c4d7343de16e14a252484ace3be3fae55b1d641
- SHA512
  
  d26f6627f09cab90ae545df68f2df006f0beb988cfadb16f6af56a454e854a9b9c10d2ce787052b80536f9d05b7286d57e42f361f54944e20df99b3c1c49aefb
- SSDEEP
  
  12288:Omfjeeb63oRXFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5c6:Owu3oRrP
Score

1^/10
behavioral10 behavioral9
- Target
  
  hmc hotmail.4/H/System.Windows.Controls.Ribbon.dll
- Size
  
  717KB
- MD5
  
  c938bb2a9537df587d9a4ce01de447b9
- SHA1
  
  8aee2b2e1c7c6786817a5136d011f8427ac9b92e
- SHA256
  
  c3fd046e992f96a0f4b729a6864d07f2320dc2f87fb34033874429c1f03b6931
- SHA512
  
  70eb8ee86a99f25dc9a35bad85e1dcb82dd16babbea6f2a9e540687caa96de3ccbd1205117820802853b3aa922a302183df8ec9c2cd459a4d5c111958de34e3b
- SSDEEP
  
  12288:CDZDWzv+aVPZDpPBi87JBIgu7PO447irbrM+murmje0Prjk3rNr0kzqA7+pHlj99:OmUzpXlzEOIF6HX6
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  hmc hotmail.4/H/ToolGood.Words.dll
- Size
  
  1.2MB
- MD5
  
  d047d2c045926b9748c73be11ec24186
- SHA1
  
  21eff8339272aeb5f8583e21d39799e0805ae228
- SHA256
  
  155a4e2a6bdf33705a5a1d9269cd080ebac08a7acb8bc736c1a519f84a8dca42
- SHA512
  
  bc1fb21afea84c5f3ad237cda960b62d730df1f2132eaa9e2e104d6600c1fa48e880843967c4ee16ba80831dc62ff14e97bd679f633d03a5cf5923316036f3d9
- SSDEEP
  
  24576:hZP2XzaG6Rv2aGyYRswDBHj6HnLfjU2qaP64XIOeUSJ/5cnGmacfR:hZuXzayzRsqj6Ltq264XIOk77M
Score

1^/10
behavioral13 behavioral14
- Target
  
  hmc hotmail.4/H/hmc hotmail.exe
- Size
  
  320KB
- MD5
  
  6dd244ddd53c77f55d357aea0f3bc628
- SHA1
  
  30d55d00b20777fcc4032c04294f98f3d6ea6bce
- SHA256
  
  4a1b68b1e57efca7e9b6eb5dd42f264e6cadb86fce91eda03364bb444eeb7125
- SHA512
  
  edb001f6b6c53d7007a63332f16e7f09534cbdd8a2cbc789d9889d4dd8cdb1e1dfea967f0fc03cf1b6e31be2a24fbe08bf9b3b1c2e89631a2a6db49c281b0631
- SSDEEP
  
  6144:3m/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvZ:3m/Q6P8j/svm1TXI5tZB
Score

10^/10

stormkitty collection discovery spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral15 behavioral16
- Target
  
  hmc hotmail.4/H/x64/GoSrp.dll
- Size
  
  2.6MB
- MD5
  
  8f5f6ee061242d609bd05b48479d887a
- SHA1
  
  0005089c13ba90f2d150a6e117bf463a6e28af54
- SHA256
  
  6b7778f1c17b1a2d48970bdec81f1f1436066c662222ffa8200dee7c3fe610c2
- SHA512
  
  f4eda39b2bf9fe358cabb31e5f839e12704598505c16d6dd26550a5d1fa05775d34bc0ce6f631f4e3db95072630b60968cbe59d146055f87d197c9153dcdb1aa
- SSDEEP
  
  49152:IW/gxY8qgo2P+vrBQiDSLDBK31Al++gMrL+:cxYJgo2o5k/gEL+
Score

1^/10
behavioral17 behavioral18
- Target
  
  hmc hotmail.4/H/x64/SQLite.Interop.dll
- Size
  
  1.7MB
- MD5
  
  1288823e8e1fca09bb490ce46988188d
- SHA1
  
  b07fe4a5d032296e3a7d0727216af8c1d2166e91
- SHA256
  
  6514973856d1767ccb375dcb253400e710fb4f91feb758041d8defe92b1886c5
- SHA512
  
  88967f64116951092a54118055eab462082f16676ea7565f42515e88765813b53cdfbba5181318e73b668e04ddd030a0bfcf5cf47936772f68df85488b865acd
- SSDEEP
  
  24576:xcpbyKNk5l/+ddQOJ3e4vYb0XrdhCplVv1GXOO4PmhFGYHnRELAqqU:SpbB0l/+d1c0RIJvGZ2anYqU
Score

1^/10
behavioral19 behavioral20
- Target
  
  hmc hotmail.4/H/x86/GoSrp.dll
- Size
  
  2.3MB
- MD5
  
  b1e99d702b0324e19b8cdc5aa8c9cd2e
- SHA1
  
  1473b708f7c516dc31612c74cb773396f3f7ca93
- SHA256
  
  e2a69763eb347b86c5426a5028650388be585df43cbf03beb576acd095038296
- SHA512
  
  3afec80909a88ffa8a760c6b156e998504f148455bf514512bc8812e390c59835e9a8cce57b041154c894915e47c40750eab66d84c4d7eb1f0257cf177481442
- SSDEEP
  
  24576:Z3rEK7jLQfvtqvZ8UaqvFbK8qUhk8GJXiV6doA+4MHPEBm3KXUQwFAR8YtVrm7C8:ZQdkK8qU6BWStV+Cz8MVZ69rF1Mr3iHr
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  hmc hotmail.4/H/x86/SQLite.Interop.dll
- Size
  
  1.3MB
- MD5
  
  9b68a8d0393fbce1976c19107422f097
- SHA1
  
  b645fc9aff04f1de9d31d4c4b965ae0a1e3549d0
- SHA256
  
  f16dea838efc5b074f8d8b2f8e14ab77ec744648b1d5dd550456c2f99c12bbdc
- SHA512
  
  7989b760012fcab665591c2528d8ecaead09cd9cd74a7208ef6177b36581d381574d007a31bb4c55da7bc793000bf71be546b1caec59c380ab8962ea2b719933
- SSDEEP
  
  24576:Od/jGQ1cL7Y5POF9y4Fsiem2gUJ4TmrQD06dr13TkhGb2/FJC//3bpdR:OjGQ1QKy6rQDFdrRIJ6//3bpdR
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  hmc hotmail.4/H/xNet.dll
- Size
  
  99KB
- MD5
  
  43199187819f5cfb4777edb17dda52e1
- SHA1
  
  926b4d53d74ed0b35b03e552c1901433d8dfa53c
- SHA256
  
  ae8de80698553ebce2f8be298683138297da8095c523b1b4156fcbc5f05f672f
- SHA512
  
  9f0196fdbf3d681cfce643b3dd9bdcbce3bfb30d77cfc539f25c7ce350e091de1b755ebf821e48556d22450e63ac12dd65be5441183588bb3b69baf2955b7db8
- SSDEEP
  
  3072:dNJJH7HdeR19aNqnV+xnEdGmrwqULY3wiqq0Yas2r:dPJbdqnV+xnEdnyE2
Score

1^/10
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

StormKitty payload

Stormkitty family

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Drops desktop.ini file(s)

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26