Overview

overview

10

Static

static

10

hmc hotmai...ip.dll

windows7-x64

1

hmc hotmai...ip.dll

windows10-2004-x64

1

hmc hotmai...ol.dll

windows7-x64

1

hmc hotmai...ol.dll

windows10-2004-x64

1

hmc hotmai...ET.dll

windows7-x64

1

hmc hotmai...ET.dll

windows10-2004-x64

3

hmc hotmai...on.dll

windows7-x64

1

hmc hotmai...on.dll

windows10-2004-x64

1

hmc hotmai...te.dll

windows7-x64

1

hmc hotmai...te.dll

windows10-2004-x64

1

hmc hotmai...on.dll

windows7-x64

3

hmc hotmai...on.dll

windows10-2004-x64

3

hmc hotmai...ds.dll

windows7-x64

1

hmc hotmai...ds.dll

windows10-2004-x64

1

hmc hotmai...il.exe

windows7-x64

10

hmc hotmai...il.exe

windows10-2004-x64

10

hmc hotmai...rp.dll

windows7-x64

1

hmc hotmai...rp.dll

windows10-2004-x64

1

hmc hotmai...op.dll

windows7-x64

1

hmc hotmai...op.dll

windows10-2004-x64

1

hmc hotmai...rp.dll

windows7-x64

3

hmc hotmai...rp.dll

windows10-2004-x64

3

hmc hotmai...op.dll

windows7-x64

3

hmc hotmai...op.dll

windows10-2004-x64

3

hmc hotmai...et.dll

windows7-x64

1

hmc hotmai...et.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-01-2025 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hmc hotmail.4/H/hmc hotmail.exe

  • Size

    320KB

  • MD5

    6dd244ddd53c77f55d357aea0f3bc628

  • SHA1

    30d55d00b20777fcc4032c04294f98f3d6ea6bce

  • SHA256

    4a1b68b1e57efca7e9b6eb5dd42f264e6cadb86fce91eda03364bb444eeb7125

  • SHA512

    edb001f6b6c53d7007a63332f16e7f09534cbdd8a2cbc789d9889d4dd8cdb1e1dfea967f0fc03cf1b6e31be2a24fbe08bf9b3b1c2e89631a2a6db49c281b0631

  • SSDEEP

    6144:3m/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvZ:3m/Q6P8j/svm1TXI5tZB

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 2 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hmc hotmail.4\H\hmc hotmail.exe
    "C:\Users\Admin\AppData\Local\Temp\hmc hotmail.4\H\hmc hotmail.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:5008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\OZMCVSQS\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Desktop\ConvertFromSync.pptx
    Filesize

    773KB

    MD5

    a8c81c95cbb27fd21b43a9b333d7476e

    SHA1

    a03b7b3e17779fce969e9bd2f2e68ab5e18d56ff

    SHA256

    14b29dc79c492e18ea2edfcbefd8fc1b26dd8ceaf43a92313d1ac7a9c96141ff

    SHA512

    0d548c2786d59c061ce013e40060bb85c90ba6e1159616603db1b9bf3c3c5d9cdc72de0dcf9e91333cfdc330d749c16d2444bbf563b3f0d6387d2f5b87a1cc20

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Desktop\DenyCompress.ini
    Filesize

    1.2MB

    MD5

    0a5380d3d93468723e30c42a72780333

    SHA1

    a607031ca82583711ccc6fde7d450f370d17d505

    SHA256

    259cb5fb11e5d008be9e827f271dbb69cb5fe451da0c4d2c5d5bfb0a465bb09a

    SHA512

    2364538b986f7637bdc36444d6f2424d3a27c81c5e11a19c657f99448d2f9865433959cb13cf316591f8421322912d0e02f0176ef8f5a8432f1392b9ae9c4a4c

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Documents\AssertRestore.xlsx
    Filesize

    1007KB

    MD5

    c3a6c2de431a18b8a0f463ea594c6317

    SHA1

    af0ff429a48c2c98d5191125cde3670ed716eb8f

    SHA256

    7f0ff3e1e858b4ee9ced27db1f2f9cd84131ca1dba623317a17ee299fad2afcc

    SHA512

    8fd003a2a7735825ccc7492b6f1ad8e29ce14c91f9596894231163130c6829e1a15134a3c57412a454f249a0defcb97b59372d490b8b3cc86834b4ec9e869781

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Documents\CompressRevoke.xls
    Filesize

    829KB

    MD5

    970cf2caa8e2b65867b67b7e85ebc8d7

    SHA1

    32779eac7cb92927fc07b02b9639f8673d16d751

    SHA256

    15937992f1275075f99ec62b6d07e08faf3545f7208f6bdc5555885fe626703a

    SHA512

    65679625b4652fcc0158e62e4b1dfa0d3c099518e5d80bbb73c70a2fed29acdda233a80794c687cd1f4cf74cd673fcc26fba675e12f1a3aa97e6396a5db01276

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Downloads\DisconnectInvoke.pdf
    Filesize

    672KB

    MD5

    36b73c7c2e77272d49ce7ac3d3ba73fc

    SHA1

    e40a33a9dbd0c5686956e25596ffca470a8148bc

    SHA256

    7a140d5c1e2b79747595bd03c4e2ba33ac216dc243d61ddce7a190817e8a7865

    SHA512

    1ce709a60b2c08c617d695903d362f1f3b86f477b8a38983d01ddfaa34fe9a9c026aae2f90fba61db10dcdad75a774b29c15efaa35737fcdb81557aa5fa2df7a

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Downloads\MergeReceive.css
    Filesize

    933KB

    MD5

    f8d15c01d5cbb3f7a95dab95453401ca

    SHA1

    709005c42b573a8852873ab34d6aa2e1c0177eef

    SHA256

    feaf7304dc2d03bf0cda5a4fe21eaf415578c6639b741ad4cb4c2ed7dc50c810

    SHA512

    3b062b4fea93d4f020a7cbc4a4cc75d98dd14f3413d39586bda8bff44b0a4aa2f071fc0be99d0b21011229ce5b3c6dcf9fae77299aaa92864188e8a8c6e4723b

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Pictures\FindRestart.svg
    Filesize

    369KB

    MD5

    f4866a50f642c702f2cef6a18f744d0b

    SHA1

    aa34a7bbabbe5a02c0df7f28c185086dc1c83cfc

    SHA256

    47e5b6a0257f8cb6a3c0ddbf22cfafe50c697ee5bd8bf3d9d2d5fd38168737f1

    SHA512

    f3d4a67fd96112e53ded0860cf74992712f0bf3108b53ae1437eb4e28f1ce1e09a1619bc1ea7d1d89e2f19d0bc94e9f65cb1035ca01df3adc09505bc6dc0d318

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Pictures\ResizeRequest.jpg
    Filesize

    299KB

    MD5

    f64aaff2eeb829e57a4104f442c7efd5

    SHA1

    8a6e5933304d8bcec6f372250a2c535c469c2541

    SHA256

    af98448a2dc1f6014831ebad2ed97e642fffa8e333f556b411f9d027b817486c

    SHA512

    488ab91d4d7482ecdb3a268b2a04e22555d1e059a794a5cbb9554245dee49ad2a4beeae9dbbd1d78ad2a548d3397d06a0cf44e7dbc580856da5abc32fdf1df2d

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Pictures\RevokeInitialize.jpeg
    Filesize

    285KB

    MD5

    1f8e657fc15ff3e4f7c7d4cdcc82aa46

    SHA1

    d530c095cbefa7f28194f710685af88b20d6d72d

    SHA256

    a5459aef819402a32a4bc698dd2fe8ed0159f834239a8725ec883afe5832cdc8

    SHA512

    08099caaad52116837b568b402024efd7bdaaa8a29f10288ac0989a45e67ed2e5b1c758ed2222ee0a7ab0a7eb89c1f52c9c28835345122f49112d27b823632af

    Download Submit

  • C:\ProgramData\OZMCVSQS\FileGrabber\Pictures\SearchConvert.svg
    Filesize

    327KB

    MD5

    52851e4edae2e57205a5e5bcdfc466c5

    SHA1

    06308728279924868a091bf3e2c182d01b2bebd2

    SHA256

    5accd69631cd9743ac78f7203a95b9394779405f64ad5c205fefedc9ae38a639

    SHA512

    402010e416b9f8541469d65a618f9771344c5c0b4a84383e9af7630a734e4cb3b3a46c1a840c3cc1a5ad2f43175783b4173945f8532b87a75c56117986cec6c1

    Download Submit

  • C:\ProgramData\OZMCVSQS\Process.txt
    Filesize

    4KB

    MD5

    9df2c4201d33547c67ebe55692f02ed2

    SHA1

    83d1d9f8b32acb9bd1d0248b54cd86c725602e7b

    SHA256

    a3482727012b59247e15c0dc8c07dc4833dab4a1a222c8f5e78b79d7a78ad455

    SHA512

    6c27c5482f1fc12b9901206390374cfd9d46dc13a794b907e759d2566e24af28fa71d78f02bfc34ed814f8ac3b2721dd64dd3f73a7426e156389d06c2bc0f8f4

    Download Submit

  • memory/5008-32-0x0000000006B30000-0x0000000006B96000-memory.dmp

    Filesize

    408KB

    Download

  • memory/5008-30-0x0000000006C90000-0x0000000007234000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/5008-24-0x0000000006640000-0x00000000066D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/5008-2-0x0000000075200000-0x00000000759B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/5008-1-0x00000000008F0000-0x0000000000946000-memory.dmp

    Filesize

    344KB

    Download

  • memory/5008-0-0x000000007520E000-0x000000007520F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-221-0x000000007520E000-0x000000007520F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-227-0x0000000075200000-0x00000000759B0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/5008-251-0x0000000075200000-0x00000000759B0000-memory.dmp

    Filesize

    7.7MB

    Download