General

  • Target

    8bcfd81ccfc02af640a747e29cca4b8eacca82bf4961c808b6cbebe2619d0a55.exe

  • Size

    3.5MB

  • Sample

    250215-d7v5sstrct

  • MD5

    bc94fb14f22e7bdd8925899e3df74a9a

  • SHA1

    2f9766d357e3b4769e211d0b78ddcb63c4665a9a

  • SHA256

    8bcfd81ccfc02af640a747e29cca4b8eacca82bf4961c808b6cbebe2619d0a55

  • SHA512

    01fdc03786790f24de77ead2755b598fbf5508f416f145a65c43ebbb12e6567dd5a9cb4c583fc4dccd271cd14c2eb9a88d4f6c55591525ec884c2f138e350254

  • SSDEEP

    49152:0I4JBgBnW/0bDlCv2smtkHbtnWYbRyU8jaQmJ2ip0goEfCTEYClGWS1bQIRMgpN4:07JF24DmIbtF69mJ2ip0EfxFlGHdRMG

Malware Config

Targets

    • Target

      8bcfd81ccfc02af640a747e29cca4b8eacca82bf4961c808b6cbebe2619d0a55.exe

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • StormKitty family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread's debug events from being delivered to an attached debugger, a common anti-debugging technique.
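
The signatures above describe a cluster of registry, file and network behaviours. The following script is an added example, not part of the sandbox report or of StormKitty itself: it maps Sysmon-style registry, file-access and DNS events to those signatures and scores each process on how many it exhibits. The event records, the process names and the IP-lookup host list are constructed for the example; the registry key paths and browser/wallet file locations are the standard Windows locations each signature refers to.

```python
"""Behavioural triage over constructed Sysmon-style events (added example)."""
import re
from collections import defaultdict

# Registry locations behind the anti-VM, BIOS, installed-software, UAC and
# Outlook-profile signatures (real Windows key paths, matched case-insensitively).
REGISTRY_RULES = {
    "anti_vm_acpi":    re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "bios_query":      re.compile(r"HARDWARE\\DESCRIPTION\\System\\BIOS", re.I),
    "software_enum":   re.compile(r"Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I),
    "uac_check":       re.compile(r"CurrentVersion\\Policies\\System\\EnableLUA$", re.I),
    "outlook_profile": re.compile(r"Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I),
}

# File locations behind the browser-data and wallet signatures.
FILE_RULES = {
    "browser_creds": re.compile(r"\\(Login Data|logins\.json|Web Data|Cookies)$", re.I),
    "wallet_access": re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin\\wallets)\\", re.I),
}

# Assumed: the report does not name the IP-lookup service, so this is a
# constructed watchlist of common public services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com"}


def classify(event):
    """Return the signature name an event matches, or None."""
    kind, target = event["type"], event["target"]
    if kind == "registry":
        rules = REGISTRY_RULES
    elif kind == "file":
        rules = FILE_RULES
    elif kind == "dns":
        return "external_ip_lookup" if target.lower() in IP_LOOKUP_HOSTS else None
    else:
        return None
    for name, rx in rules.items():
        if rx.search(target):
            return name
    return None


def triage(events):
    """Group matched signatures per process: {process: sorted list of names}."""
    hits = defaultdict(set)
    for ev in events:
        sig = classify(ev)
        if sig:
            hits[ev["process"]].add(sig)
    return {proc: sorted(sigs) for proc, sigs in hits.items()}


# Installers also read Uninstall keys and BIOS values, so a single hit is
# weak evidence; require the credential-theft core plus breadth of behaviour.
STEALER_CORE = {"browser_creds", "external_ip_lookup"}


def is_stealer_like(sigs, min_total=4):
    """True when the core stealer behaviours and enough supporting ones are present."""
    return STEALER_CORE <= set(sigs) and len(sigs) >= min_total


# Constructed events; process names and paths are made up for the example.
SAMPLE_EVENTS = [
    {"process": "sample.exe", "type": "registry", "target": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"process": "sample.exe", "type": "registry", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"process": "sample.exe", "type": "registry", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"process": "sample.exe", "type": "registry", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"process": "sample.exe", "type": "registry", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"process": "sample.exe", "type": "file", "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": "sample.exe", "type": "file", "target": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet"},
    {"process": "sample.exe", "type": "dns", "target": "api.ipify.org"},
    # A benign installer touching the same ambiguous keys.
    {"process": "setup.exe", "type": "registry", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"process": "setup.exe", "type": "registry", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},
]

if __name__ == "__main__":
    for proc, sigs in triage(SAMPLE_EVENTS).items():
        print(f"{proc}: {', '.join(sigs)} -> stealer-like={is_stealer_like(sigs)}")
```

The ordering of REGISTRY_RULES matters only where patterns could overlap; the paths above do not, so the first match is the right one. Tune min_total and STEALER_CORE against your own telemetry before using this as an alert, since the Uninstall and BIOS reads alone are common in legitimate software.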

MITRE ATT&CK Enterprise v15

Tasks