General

  • Target

    4b25fa167392d8e4365d2f3c787db1c974ccb8fd13d2ad1099b69db1f62c03f7.exe

  • Size

    107KB

  • Sample

    250213-d79m7asmfm

  • MD5

    9034080ecb301060a2a69519198c3211

  • SHA1

    6c504419d9f1085aefee87ade0300fdd59e5c66a

  • SHA256

    4b25fa167392d8e4365d2f3c787db1c974ccb8fd13d2ad1099b69db1f62c03f7

  • SHA512

    f69967ec3dd0009f5950397a979a2eb4a52a11c62799d89c33abf05c4dfa8542e9c9b3a43a66a631a235f6728522ba373fd15227097d28cc887705474cd75428

  • SSDEEP

    3072:g+RZk7QEyRiBaIOWQ7sR9bGpxReUbpMD:fRZk7DZ8u9bY

Malware Config

Targets

    • Target

      4b25fa167392d8e4365d2f3c787db1c974ccb8fd13d2ad1099b69db1f62c03f7.exe


    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • StormKitty family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks installed software on the system

      Enumerates the entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, together with its Wow6432Node and HKCU counterparts) to list the software installed on the system.

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup service to learn the infected system's external IP address. The destination itself is benign, so a detection built on this behaviour should key on the requesting process rather than on the service.
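
Added example (not code from this report or from the StormKitty project): a small Python correlation that flags the three behaviours listed above, "Downloads MZ/PE file", "Executes dropped EXE" and "Looks up external IP address via web service", from Sysmon-style events grouped by process. The event records, process GUIDs, file paths and the list of IP lookup domains are constructed assumptions; the report does not name the service contacted or the file dropped.

```python
"""Flag the behaviours this report lists from Sysmon-style telemetry.

Constructed example, not code from the report or the StormKitty project.
Event shapes follow Sysmon field names (EventID 1 ProcessCreate, 11 FileCreate,
22 DnsQuery); the events, GUIDs, paths and lookup-service list are assumptions.
"""
from collections import defaultdict

# Public external-IP lookup services seen abused by stealers. Assumed list:
# the report does not say which service this sample contacted.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me",
}


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'.

    This is the content check behind a 'Downloads MZ/PE file' verdict: apply it
    to the HTTP response body rather than trusting Content-Type or extension.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def correlate(events):
    """Group events by ProcessGuid and report which behaviours each shows.

    Returns {guid: {"image": str, "flags": [...]}} with flags drawn from
    'ip_lookup', 'drops_exe' and 'executes_dropped_exe'.
    """
    image = {}
    dropped = defaultdict(set)    # guid -> lower-cased .exe paths it wrote
    lookups = defaultdict(set)    # guid -> IP-lookup domains it resolved
    children = defaultdict(set)   # guid -> lower-cased images it launched

    for e in events:
        guid = e["ProcessGuid"]
        image.setdefault(guid, e["Image"])
        if e["EventID"] == 1:
            # The parent is the process whose behaviour is being tracked.
            image.setdefault(e["ParentProcessGuid"], e["ParentImage"])
            children[e["ParentProcessGuid"]].add(e["Image"].lower())
        elif e["EventID"] == 11 and e["TargetFilename"].lower().endswith(".exe"):
            dropped[guid].add(e["TargetFilename"].lower())
        elif e["EventID"] == 22 and e["QueryName"].lower() in IP_LOOKUP_DOMAINS:
            lookups[guid].add(e["QueryName"].lower())

    findings = {}
    for guid in set(dropped) | set(lookups) | set(children):
        flags = []
        if lookups.get(guid):
            flags.append("ip_lookup")
        if dropped.get(guid):
            flags.append("drops_exe")
        # Executing the dropped file: a child whose image is a path it wrote.
        if dropped.get(guid, set()) & children.get(guid, set()):
            flags.append("executes_dropped_exe")
        if flags:
            findings[guid] = {"image": image.get(guid), "flags": sorted(flags)}
    return findings


SAMPLE = ("C:\\Users\\victim\\Downloads\\"
          "4b25fa167392d8e4365d2f3c787db1c974ccb8fd13d2ad1099b69db1f62c03f7.exe")
DROPPED = "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"  # assumed path

# Constructed events: three from the sample (GUID A) and one benign DNS query.
SAMPLE_EVENTS = [
    {"EventID": 22, "ProcessGuid": "{A}", "Image": SAMPLE, "QueryName": "api.ipify.org"},
    {"EventID": 11, "ProcessGuid": "{A}", "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": 22, "ProcessGuid": "{C}", "Image": "C:\\Windows\\System32\\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
]

# Minimal constructed buffer that passes the PE check:
# 'MZ' at offset 0, e_lfanew = 0x40, 'PE\0\0' at 0x40.
_buf = bytearray(0x80)
_buf[:2] = b"MZ"
_buf[0x3C:0x40] = (0x40).to_bytes(4, "little")
_buf[0x40:0x44] = b"PE\x00\x00"
SAMPLE_PE = bytes(_buf)

if __name__ == "__main__":
    print("PE body:", looks_like_pe(SAMPLE_PE))
    for guid, f in correlate(SAMPLE_EVENTS).items():
        print(guid, f["image"], f["flags"])
```

Only the process that dropped update.exe, launched it and resolved the lookup service is reported; the svchost.exe query is ignored because the domain is not in the lookup-service list, which is the point of keying on the process rather than on a benign destination.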

MITRE ATT&CK Enterprise v15

Tasks