General

  • Target

    loki-3-3-9.zip

  • Size

    1.3MB

  • Sample

    250323-2xlqdasrv8

  • MD5

    1e5ad284567b83ea0b4fc871874625ad

  • SHA1

    0adb21f0c2b1228dd92868bd9d0c7ff7dd9f4d67

  • SHA256

    0af99b94ca63947eeffe16eb87dbc8aa0837176d209e49015fe2e3fc64ef10b7

  • SHA512

    3b9fdf0bd1f57e0076ff5ac1fe670cce193b21e110c33354463d395afbd848a4d5353c085ee92c30d7bb0360d235d3a19f79086c8a2e5246993b7b43a5c48d2a

  • SSDEEP

    24576:DUj+0plCZf7e3Q6OQ/QxTJ7ILzYlsRhjw6LCvavtxU6bJOt3ztV3lGv/:DU1LeRxTN+ke3eSvFJujzlGv/

Malware Config

Targets

    • Target

      loki-3-3-9.zip

    • Size

      1.3MB

    • MD5

      1e5ad284567b83ea0b4fc871874625ad

    • SHA1

      0adb21f0c2b1228dd92868bd9d0c7ff7dd9f4d67

    • SHA256

      0af99b94ca63947eeffe16eb87dbc8aa0837176d209e49015fe2e3fc64ef10b7

    • SHA512

      3b9fdf0bd1f57e0076ff5ac1fe670cce193b21e110c33354463d395afbd848a4d5353c085ee92c30d7bb0360d235d3a19f79086c8a2e5246993b7b43a5c48d2a

    • SSDEEP

      24576:DUj+0plCZf7e3Q6OQ/QxTJ7ILzYlsRhjw6LCvavtxU6bJOt3ztV3lGv/:DU1LeRxTN+ke3eSvFJujzlGv/

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks