General
Target: 572604d9ba43870cc8c773b2c0815ead693d48e8da914e1032a3fe0b9c2f7049.exe
Size: 5.7MB
Sample: 250323-vvx73ax1fw
MD5: f8fc67498f363953433c7493c9f75c5c
SHA1: c33c4c1fa188933eb7acef791fb436602467ac2e
SHA256: 572604d9ba43870cc8c773b2c0815ead693d48e8da914e1032a3fe0b9c2f7049
SHA512: 192ea195e42e7ab669a1b58eb23c8739354bca4549f0a10d659abe8aa77a863d80d181fe4206849a14332005243a2f0513682208e75925e4c56d96fcc35aee94
SSDEEP: 98304:3cQg+id0+pUl6oJM76ijQLfs7g707Pq76XtDU8P54xeN4Li:3Lid04o6oJM76oQ7s7E0j5tI8PbUi
Behavioral task: behavioral1
Sample: 572604d9ba43870cc8c773b2c0815ead693d48e8da914e1032a3fe0b9c2f7049.exe
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: 572604d9ba43870cc8c773b2c0815ead693d48e8da914e1032a3fe0b9c2f7049.exe
Resource: win10v2004-20250314-en
Malware Config
Targets
Target: 572604d9ba43870cc8c773b2c0815ead693d48e8da914e1032a3fe0b9c2f7049.exe
Size: 5.7MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General.)

Signatures:
- StormKitty payload
- Stormkitty family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Checks whether UAC is enabled
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)