General
Target: loki-3-3-9.zip
Size: 1.3MB
Sample: 250323-2xlqdasrv8
MD5: 1e5ad284567b83ea0b4fc871874625ad
SHA1: 0adb21f0c2b1228dd92868bd9d0c7ff7dd9f4d67
SHA256: 0af99b94ca63947eeffe16eb87dbc8aa0837176d209e49015fe2e3fc64ef10b7
SHA512: 3b9fdf0bd1f57e0076ff5ac1fe670cce193b21e110c33354463d395afbd848a4d5353c085ee92c30d7bb0360d235d3a19f79086c8a2e5246993b7b43a5c48d2a
SSDEEP: 24576:DUj+0plCZf7e3Q6OQ/QxTJ7ILzYlsRhjw6LCvavtxU6bJOt3ztV3lGv/:DU1LeRxTN+ke3eSvFJujzlGv/
Static task: static1
Behavioral task: behavioral1
Sample: loki-3-3-9.zip
Resource: win11-20250314-en
Malware Config
Targets
Target: loki-3-3-9.zip
Size: 1.3MB
MD5: 1e5ad284567b83ea0b4fc871874625ad
SHA1: 0adb21f0c2b1228dd92868bd9d0c7ff7dd9f4d67
SHA256: 0af99b94ca63947eeffe16eb87dbc8aa0837176d209e49015fe2e3fc64ef10b7
SHA512: 3b9fdf0bd1f57e0076ff5ac1fe670cce193b21e110c33354463d395afbd848a4d5353c085ee92c30d7bb0360d235d3a19f79086c8a2e5246993b7b43a5c48d2a
SSDEEP: 24576:DUj+0plCZf7e3Q6OQ/QxTJ7ILzYlsRhjw6LCvavtxU6bJOt3ztV3lGv/:DU1LeRxTN+ke3eSvFJujzlGv/
- StormKitty payload
- Stormkitty family
- Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
- Modify Authentication Process (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Modify Authentication Process (1)
- Steal Web Session Cookie (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)