General
- Target: 0d486324cdfd386ebe13de2b72c18fef0ff6c9aa0a513096f19a2a5277333c7bN.exe
- Size: 5.7MB
- Sample: 250323-bgt4psyqz2
- MD5: d0c97c1ecff74ea6d68c31501e7f46a0
- SHA1: e144738950d117a566f361843e840b1929a6a304
- SHA256: 0d486324cdfd386ebe13de2b72c18fef0ff6c9aa0a513096f19a2a5277333c7b
- SHA512: 5c2aa7b75d249647f03ea6ebda4bda03a1d0d85f43c172b29e4dd4e56c8394727710cece5e1196b719befae5e3dc05aeb8d8bb90e1f34f363d97d3554757f2a8
- SSDEEP: 98304:3cQg+id0+pUl6oJM76ijQLfs7g707Pq76XtDU8P54xeN4L:3Lid04o6oJM76oQ7s7E0j5tI8PbU
Behavioral task: behavioral1
- Sample: 0d486324cdfd386ebe13de2b72c18fef0ff6c9aa0a513096f19a2a5277333c7bN.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 0d486324cdfd386ebe13de2b72c18fef0ff6c9aa0a513096f19a2a5277333c7bN.exe
- Resource: win10v2004-20250314-en
Malware Config
Targets
- Target: 0d486324cdfd386ebe13de2b72c18fef0ff6c9aa0a513096f19a2a5277333c7bN.exe
Signatures
- StormKitty payload
- Stormkitty family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Checks whether UAC is enabled
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)