General

  • Target

    Build.exe

  • Size

    250KB

  • Sample

    250324-apd7sa1tbw

  • MD5

    34c052e8c84e0557f616ca62b03d0fe6

  • SHA1

    b8c37f2de615606e8555c9245283ae8db7a82b3f

  • SHA256

    d0a7cb25d7d6123c61afbd5b193a6f8ab9462d574b124d8b619f784b64569358

  • SHA512

    6ed364526459c1a1103d834ac99470d5af75e25cf4e33f744d281ba7feb3caa0b2e105486bfa172227f68f40b0fec4ae585e4f8ab26fed7d4f048c8e86e1148c

  • SSDEEP

    6144:P6AfoFv2O72QFbFB/lpyO4k/v9bdUkbz:SAQFuS2QFhjpysw

Targets

    • Target

      Build.exe

    • StormKitty

      StormKitty is an open-source infostealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Uses browser remote debugging

      Launching a browser with its remote-debugging interface enabled lets the malware drive the browser over the DevTools protocol and steal sensitive information such as credentials and session cookies, bypassing the browser's at-rest encryption of that data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
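
The "Uses browser remote debugging" hit above is the one signature in this report that a defender can turn directly into a process-creation detection: a Chromium-based browser started with --remote-debugging-port or --remote-debugging-pipe, by a parent that is not a known developer tool, and pointed at the user's live profile directory. The Python below is an added example written for this page, not code from the sandbox or from StormKitty; the log format, the browser and developer-tool name lists and the three sample events are constructed for illustration and should be tuned to the fleet being monitored.

```python
"""Added example: flag browser launches that enable the remote-debugging
interface (the pattern behind the 'Uses browser remote debugging' signature).
Not part of the original report; log lines and name lists are constructed."""
import ntpath
import re
from typing import List, Optional

# Chromium-based browser binaries to watch (illustrative list, not exhaustive).
BROWSER_EXES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}

# Parents that legitimately drive a browser over DevTools (assumed allowlist; tune per fleet).
DEV_TOOL_PARENTS = {"code.exe", "node.exe", "devenv.exe", "chromedriver.exe"}

_IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')            # first argv token, quoted or not
_PORT_RE = re.compile(r"--remote-debugging-port=(\d+)")
_UDD_RE = re.compile(r'--user-data-dir=(?:"([^"]+)"|(\S+))')


def analyze_launch(parent_image: str, cmdline: str) -> Optional[dict]:
    """Return a finding for a browser launched with remote debugging, else None."""
    m = _IMAGE_RE.match(cmdline)
    if not m:
        return None
    image = ntpath.basename(m.group(1) or m.group(2)).lower()
    if image not in BROWSER_EXES:
        return None
    port = _PORT_RE.search(cmdline)
    pipe = "--remote-debugging-pipe" in cmdline
    if not port and not pipe:
        return None
    udd = _UDD_RE.search(cmdline)
    parent = ntpath.basename(parent_image).lower()
    finding = {
        "browser": image,
        "parent": parent,
        "channel": f"tcp/{port.group(1)}" if port else "pipe",
        "headless": "--headless" in cmdline,        # also matches --headless=new
        "user_data_dir": (udd.group(1) or udd.group(2)) if udd else None,
    }
    # Scoring (assumed thresholds): an unexpected parent that opens the user's real
    # profile headlessly is the stealer pattern; a known dev tool on a throwaway
    # profile is ordinary browser automation.
    score = 1
    if parent not in DEV_TOOL_PARENTS:
        score += 2
    if finding["headless"]:
        score += 1
    if finding["user_data_dir"] and "user data" in finding["user_data_dir"].lower():
        score += 2   # the live Chrome profile root, where cookies and logins live
    finding["score"] = score
    finding["severity"] = "high" if score >= 4 else "low"
    return finding


def scan_events(lines: List[str]) -> List[dict]:
    """Each line: timestamp|parent_image|command_line (constructed format)."""
    findings = []
    for line in lines:
        parts = line.rstrip("\n").split("|", 2)
        if len(parts) != 3:
            continue
        ts, parent, cmd = parts
        f = analyze_launch(parent, cmd)
        if f:
            f["timestamp"] = ts
            findings.append(f)
    return findings


# Constructed sample events: a normal user launch, a stealer-style launch from a
# dropped Build.exe, and a developer tool driving a throwaway profile over a pipe.
SAMPLE_EVENTS = [
    r'2025-03-24T10:00:01Z|C:\Windows\explorer.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default https://example.com',
    r'2025-03-24T10:00:07Z|C:\Users\victim\AppData\Local\Temp\Build.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --remote-debugging-port=9222 --user-data-dir="C:\Users\victim\AppData\Local\Google\Chrome\User Data" --profile-directory=Default',
    r'2025-03-24T10:05:00Z|C:\Program Files\nodejs\node.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-pipe --user-data-dir=C:\Users\dev\AppData\Local\Temp\puppeteer_dev_profile-1234 --headless=new about:blank',
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["timestamp"], f["parent"], "->", f["browser"], f["channel"], f["user_data_dir"])
```

On the constructed input the Build.exe launch scores high (unknown parent, headless, live "User Data" profile, TCP port 9222) while the node.exe launch scores low; the explorer.exe launch produces no finding. In production the parent allowlist is the tuning knob: browser automation frameworks do use these flags, so alert on the combination of parent, profile path and headless mode rather than on the flag alone.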
