Overview

overview

10

Static

static

1

630c67766d...40.bat

windows7-x64

6

630c67766d...40.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    630c67766d2464e2e8870167b0f6f36f451b0b6d79932366960f668346986b40.bat

  • Size

    1.1MB

  • Sample

    250215-dpx7fatngw

  • MD5

    ec08eb012b54b1f6144b4aa03696959e

  • SHA1

    27919899a79479eef8aed6dc6159720f542f9ab3

  • SHA256

    630c67766d2464e2e8870167b0f6f36f451b0b6d79932366960f668346986b40

  • SHA512

    29a4ed3cd76c901e8d145a040972730bd6be12f14631a2019845e718a005fa851bd0ea59579a05e204ee0f392c448c4e474259dc10cc0a8a02d938943d551742

  • SSDEEP

    24576:Dgphx09OZLJ7GZKZY2LHyfDRVWMnr3aoaGQZNes6:DIxhhoHrT1Qi

Score
10/10
stormkittydiscoveryexecutionstealer

Malware Config

Targets

    • Target

      630c67766d2464e2e8870167b0f6f36f451b0b6d79932366960f668346986b40.bat

    • Size

      1.1MB

    • MD5

      ec08eb012b54b1f6144b4aa03696959e

    • SHA1

      27919899a79479eef8aed6dc6159720f542f9ab3

    • SHA256

      630c67766d2464e2e8870167b0f6f36f451b0b6d79932366960f668346986b40

    • SHA512

      29a4ed3cd76c901e8d145a040972730bd6be12f14631a2019845e718a005fa851bd0ea59579a05e204ee0f392c448c4e474259dc10cc0a8a02d938943d551742

    • SSDEEP

      24576:Dgphx09OZLJ7GZKZY2LHyfDRVWMnr3aoaGQZNes6:DIxhhoHrT1Qi

    Score
    10/10
    executionstormkittydiscoverystealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Stormkitty family

      stormkitty

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks