General
Target: Build.exe
Size: 250KB
Sample: 250324-apd7sa1tbw
MD5: 34c052e8c84e0557f616ca62b03d0fe6
SHA1: b8c37f2de615606e8555c9245283ae8db7a82b3f
SHA256: d0a7cb25d7d6123c61afbd5b193a6f8ab9462d574b124d8b619f784b64569358
SHA512: 6ed364526459c1a1103d834ac99470d5af75e25cf4e33f744d281ba7feb3caa0b2e105486bfa172227f68f40b0fec4ae585e4f8ab26fed7d4f048c8e86e1148c
SSDEEP: 6144:P6AfoFv2O72QFbFB/lpyO4k/v9bdUkbz:SAQFuS2QFhjpysw
Behavioral tasks
behavioral1: Sample Build.exe, Resource win10v2004-20250314-en
behavioral2: Sample Build.exe, Resource win10ltsc2021-20250314-en
behavioral3: Sample Build.exe, Resource win11-20250313-en
Malware Config
Targets
Target: Build.exe (250KB; hashes as listed under General)
Signatures
StormKitty payload
Stormkitty family
Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (1): Netsh Helper DLL (1)
  Modify Authentication Process (1)
Credential Access
  Credentials from Password Stores (1): Credentials from Web Browsers (1)
  Modify Authentication Process (1)
  Steal Web Session Cookie (1)
  Unsecured Credentials (2): Credentials In Files (2)