stormkitty | Release[.]1[.]0[.]0[.]0[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Release.1.0.0.0.rar
Size

94.7MB
MD5

0c9ebdde5ac5e142215b81390047c296
SHA1

f1be19ce25980f4264344e891a4f1a57cef81921
SHA256

e512d3ee9d337b0a6bf6bc0c1a7cdc380038c055e7c3721dbf58b39c1ab45e74
SHA512

bc2e7a976830214f429208834d055995a27770700056268f0d2ea7290926ebc888a102f6af852a7a46065f00823307d56731bccce19d461a2a87ea4fc33b9015
SSDEEP

1572864:t2iN2mekubBybhTsegQ4swCLcLrf0sNHyEo2gl6+PI/voYvOe3v194rHQASwn+Fx:5ekOBytQljNSjFlfInoYGe3rQHQdii5z

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
static1/unpack001/Release/Stub/DestinyClient.exe	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Release/Stub/DestinyClient.exe
unpack001/Release/ZeroTrace Stealer.exe

Files

Release.1.0.0.0.rar
.rar
Release/DevExpress.Charts.v24.2.Core.xml
Release/DevExpress.Data.Desktop.v24.2.xml
Release/DevExpress.Data.v24.2.xml
Release/DevExpress.DataAccess.v24.2.xml
Release/DevExpress.Drawing.v24.2.xml
Release/DevExpress.ExpressApp.Scheduler.v24.2.xml
Release/DevExpress.ExpressApp.v24.2.xml
Release/DevExpress.Mvvm.v24.2.xml
Release/DevExpress.Office.v24.2.Core.xml
Release/DevExpress.Pdf.v24.2.Core.xml
Release/DevExpress.Pdf.v24.2.Drawing.xml
Release/DevExpress.Persistent.Base.v24.2.xml
Release/DevExpress.PivotGrid.v24.2.Core.xml
Release/DevExpress.Printing.v24.2.Core.xml
Release/DevExpress.RichEdit.v24.2.Core.xml
Release/DevExpress.Sparkline.v24.2.Core.xml
Release/DevExpress.SpellChecker.v24.2.Core.xml
Release/DevExpress.Utils.v24.2.UI.xml
Release/DevExpress.Utils.v24.2.xml
Release/DevExpress.Web.ASPxRichEdit.v24.2.xml
Release/DevExpress.Web.ASPxSpellChecker.v24.2.xml
Release/DevExpress.Web.v24.2.xml
Release/DevExpress.Xpf.Core.v24.2.xml
Release/DevExpress.Xpf.Layout.v24.2.Core.xml
Release/DevExpress.Xpf.LayoutControl.v24.2.xml
Release/DevExpress.Xpo.v24.2.xml
Release/DevExpress.XtraBars.v24.2.xml
Release/DevExpress.XtraCharts.v24.2.UI.xml
Release/DevExpress.XtraCharts.v24.2.Wizard.xml
Release/DevExpress.XtraCharts.v24.2.xml
Release/DevExpress.XtraEditors.v24.2.xml
Release/DevExpress.XtraGauges.v24.2.Core.xml
Release/DevExpress.XtraGrid.v24.2.xml
Release/DevExpress.XtraLayout.v24.2.xml
Release/DevExpress.XtraNavBar.v24.2.xml
Release/DevExpress.XtraPrinting.v24.2.xml
Release/DevExpress.XtraReports.v24.2.xml
Release/DevExpress.XtraRichEdit.v24.2.xml
Release/DevExpress.XtraScheduler.v24.2.Core.Desktop.xml
Release/DevExpress.XtraScheduler.v24.2.Core.xml
Release/DevExpress.XtraTreeList.v24.2.xml
Release/DevExpress.XtraVerticalGrid.v24.2.xml
Release/Humanizer.xml
.xml
Release/MaxMind.Db.xml
.xml
Release/MaxMind.GeoIP2.xml
.xml
Release/Microsoft.Bcl.AsyncInterfaces.xml
.xml
Release/Microsoft.CodeAnalysis.CSharp.Scripting.xml
.xml
Release/Microsoft.CodeAnalysis.CSharp.Workspaces.xml
.xml
Release/Microsoft.CodeAnalysis.CSharp.xml
.xml
Release/Microsoft.CodeAnalysis.Scripting.xml
.xml
Release/Microsoft.CodeAnalysis.Workspaces.xml
.xml
Release/Microsoft.CodeAnalysis.xml
.xml
Release/Microsoft.Extensions.DependencyInjection.Abstractions.xml
.xml
Release/Microsoft.Extensions.Options.xml
.xml
Release/Microsoft.Extensions.Primitives.xml
.xml
Release/Newtonsoft.Json.xml
.xml
Release/Stub/DestinyClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\aarbe\source\repos\DestinyClient\DestinyClient\obj\Release\DestinyClient.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/System.Buffers.xml
Release/System.CodeDom.xml
Release/System.Collections.Immutable.xml
Release/System.Composition.AttributedModel.xml
Release/System.Composition.Convention.xml
Release/System.Composition.Hosting.xml
Release/System.Composition.Runtime.xml
Release/System.Composition.TypedParts.xml
Release/System.Diagnostics.DiagnosticSource.xml
.xml
Release/System.IO.Pipelines.xml
Release/System.Memory.xml
Release/System.Numerics.Vectors.xml
Release/System.Reflection.Metadata.xml
Release/System.Runtime.CompilerServices.Unsafe.xml
Release/System.Text.Encoding.CodePages.xml
Release/System.Text.Encodings.Web.xml
Release/System.Text.Json.xml
Release/System.Threading.Channels.xml
Release/System.Threading.Tasks.Extensions.xml
Release/System.ValueTuple.xml
.xml
Release/ZeroTrace Stealer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\aarbe\source\repos\ZeroTrace Stealer Panel\Destiny Stealer\obj\Release\ZeroTrace Stealer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92.0MB - Virtual size: 92.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/ZeroTrace Stealer.exe.config
Release/ZeroTrace Stealer.pdb
readme tutorial.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 121KB - Virtual size: 121KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 92.0MB - Virtual size: 92.0MB

.rsrc Size: 145KB - Virtual size: 145KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 121KB - Virtual size: 121KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 92.0MB - Virtual size: 92.0MB

.rsrc
Size: 145KB - Virtual size: 145KB

.reloc
Size: 512B - Virtual size: 12B