General

  • Target

    Build.exe

  • Size

    250KB

  • Sample

    250324-t2fqxswmz8

  • MD5

    b8f3934b55afbaa069717cd2e2eda6dd

  • SHA1

    b33071c576f2637bd679002f01ca68e4df5112ec

  • SHA256

    7cd58601d62de54c16bf279d2eb477a0e5b85f62cbe387268c1bec578db2a1e3

  • SHA512

    2bab25ed6f190e56a96986400e5004956d44e3c9fe6e95e0b6540e503ad232ed3c08c85aaf3926a7bab3041fdbe64e363785c07fce9c011fc09abf2c39fde0c1

  • SSDEEP

    6144:P6AfoFv2O72QFbFB/l4yO4k/b9bdUkbz:SAQFuS2QFhj4yAw

Malware Config

Targets

    • Target

      Build.exe

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • StormKitty family

    • Uses browser remote debugging

      Launching a browser with a remote-debugging flag exposes its DevTools protocol, which can then be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
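
As an added example (not part of the sandbox report and not StormKitty's own code), the Python below turns three of the behavioural signatures above into detection logic and runs it over constructed Sysmon-like telemetry: a browser launched with DevTools remote-debugging flags by a non-browser parent, a non-browser process reading browser credential and cookie stores, and a non-browser process contacting an external-IP lookup service. The event layout, the sample events, the IP-lookup host list and the browser file names are assumptions chosen for the example; the report itself does not name the lookup service this sample used.

```python
import re
from pathlib import PureWindowsPath

# Browsers whose profile stores and DevTools interface are targeted by stealers.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe", "firefox.exe"}

# Flags that expose the Chromium DevTools protocol on a local port or pipe.
REMOTE_DEBUG_FLAGS = re.compile(r"--remote-debugging-(port|pipe)\b", re.IGNORECASE)
# Often added alongside so a DevTools client with a foreign Origin is not rejected.
ALLOW_ORIGINS = re.compile(r"--remote-allow-origins=", re.IGNORECASE)

# On-disk profile artifacts a stealer reads directly (Chromium and Firefox file names).
PROFILE_FILES = {"login data", "cookies", "web data", "local state",
                 "logins.json", "key4.db", "cookies.sqlite"}

# External-IP lookup services; an assumed list for the example (the report names none).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}

# Constructed telemetry (invented for this example, not taken from the sandbox run).
# Event types mirror Sysmon: process create, file access, network connect.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "image": r"C:\Users\user\AppData\Local\Temp\Build.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "Build.exe"},
    {"id": 2, "type": "process", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Users\user\AppData\Local\Temp\Build.exe",
     "cmdline": r'chrome.exe --headless --remote-debugging-port=9222 --remote-allow-origins=* '
                r'--user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data"'},
    {"id": 3, "type": "process", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "chrome.exe --profile-directory=Default"},
    {"id": 4, "type": "file", "image": r"C:\Users\user\AppData\Local\Temp\Build.exe",
     "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"id": 5, "type": "file", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"id": 6, "type": "file", "image": r"C:\Users\user\AppData\Local\Temp\Build.exe",
     "target": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default-release\logins.json"},
    {"id": 7, "type": "network", "image": r"C:\Users\user\AppData\Local\Temp\Build.exe",
     "dest_host": "api.ipify.org", "dest_port": 443},
    {"id": 8, "type": "network", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "ipinfo.io", "dest_port": 443},
]


def image_name(path):
    """Lower-cased file name of a Windows path, so comparisons ignore directory and case."""
    return PureWindowsPath(path).name.lower()


def detect_remote_debugging(events):
    """Browser launched with DevTools remote-debugging flags.

    Returns (event id, severity, parent image). The parent is what matters for triage:
    a developer's cmd.exe is plausible, an unknown Temp\\*.exe is not. Severity is raised
    when --remote-allow-origins is also present, since that signals a non-browser client.
    """
    hits = []
    for e in events:
        if e["type"] != "process" or image_name(e["image"]) not in BROWSERS:
            continue
        if REMOTE_DEBUG_FLAGS.search(e["cmdline"]):
            severity = "high" if ALLOW_ORIGINS.search(e["cmdline"]) else "medium"
            hits.append((e["id"], severity, image_name(e["parent"])))
    return hits


def detect_profile_reads(events):
    """Non-browser process touching browser credential or cookie stores.

    Browsers reading their own profile files are expected and are ignored.
    """
    hits = []
    for e in events:
        if e["type"] != "file":
            continue
        target = PureWindowsPath(e["target"])
        if target.name.lower() in PROFILE_FILES and image_name(e["image"]) not in BROWSERS:
            hits.append((e["id"], image_name(e["image"]), target.name))
    return hits


def detect_ip_lookup(events):
    """Non-browser process contacting an external-IP lookup service."""
    return [(e["id"], image_name(e["image"]), e["dest_host"])
            for e in events
            if e["type"] == "network"
            and e["dest_host"].lower() in IP_LOOKUP_HOSTS
            and image_name(e["image"]) not in BROWSERS]


def triage(events):
    """Group findings per suspect image; two or more distinct behaviours is a strong stealer signal."""
    suspects = {}
    for _id, _sev, parent in detect_remote_debugging(events):
        suspects.setdefault(parent, set()).add("remote_debugging")
    for _id, image, _name in detect_profile_reads(events):
        suspects.setdefault(image, set()).add("profile_read")
    for _id, image, _host in detect_ip_lookup(events):
        suspects.setdefault(image, set()).add("ip_lookup")
    return {img: sorted(cats) for img, cats in suspects.items() if len(cats) >= 2}


if __name__ == "__main__":
    for img, cats in triage(SAMPLE_EVENTS).items():
        print(f"{img}: {', '.join(cats)}")
```

Run stand-alone, the script reports only build.exe, with all three behaviours; the developer-style Chrome launch (event 3) and Chrome reading its own Cookies file (event 5) produce no findings. In production the same three functions would be fed from a SIEM query rather than the constructed list, and the IP-lookup host list should be maintained as a lookup table, since the services stealers use change often.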

MITRE ATT&CK Enterprise v15

Tasks