stormkitty | 569eb8e183947d368b9a38c83b73f852e4ae2401fc82db4458cabf7b04bc17fe | Triage

Submit
Reports

Overview

overview

Static

static

Build.exe

windows10-2004-x64

Sharing

General

Target

Build.bin
Size

574KB
Sample

250122-x48q9sslfj
MD5

1749aee9312b4b8361adfef5f030661f
SHA1

d09a1b15a479d1adf739ac0a8a0fcc496ba8b839
SHA256

569eb8e183947d368b9a38c83b73f852e4ae2401fc82db4458cabf7b04bc17fe
SHA512

7ea5b4c8050bce10579e14565003a89b43e03fb0bcfa3f3f10a83b28da0c2c43a703fb25dbe9e8645cf2717a82869f9b214cc6f86d253629260cd93702d43e73
SSDEEP

6144:SHYyAMe5/Jmfmk/CSIL9wiSEpb5QaLkFh9YEfRJ5IcPVAEUOcK6LRPdehjcedqmg:SHYyA9wfkx8rvaB75HoY6R

Score

10^/10

stormkitty collection discovery persistence privilege_escalation spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Build.exe

Resource

win10v2004-20241007-en

stormkitty collection discovery persistence privilege_escalation spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Build.bin
- Size
  
  574KB
- MD5
  
  1749aee9312b4b8361adfef5f030661f
- SHA1
  
  d09a1b15a479d1adf739ac0a8a0fcc496ba8b839
- SHA256
  
  569eb8e183947d368b9a38c83b73f852e4ae2401fc82db4458cabf7b04bc17fe
- SHA512
  
  7ea5b4c8050bce10579e14565003a89b43e03fb0bcfa3f3f10a83b28da0c2c43a703fb25dbe9e8645cf2717a82869f9b214cc6f86d253629260cd93702d43e73
- SSDEEP
  
  6144:SHYyAMe5/Jmfmk/CSIL9wiSEpb5QaLkFh9YEfRJ5IcPVAEUOcK6LRPdehjcedqmg:SHYyA9wfkx8rvaB75HoY6R
Score

10^/10

stormkitty collection discovery persistence privilege_escalation spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectiondiscoverypersistenceprivilege_escalationspywarestealer

© 2018-2025

Terms | Privacy