General

Target: Build.exe
Size: 250KB
Sample: 250324-t96mbawnz6
MD5: b8f3934b55afbaa069717cd2e2eda6dd
SHA1: b33071c576f2637bd679002f01ca68e4df5112ec
SHA256: 7cd58601d62de54c16bf279d2eb477a0e5b85f62cbe387268c1bec578db2a1e3
SHA512: 2bab25ed6f190e56a96986400e5004956d44e3c9fe6e95e0b6540e503ad232ed3c08c85aaf3926a7bab3041fdbe64e363785c07fce9c011fc09abf2c39fde0c1
SSDEEP: 6144:P6AfoFv2O72QFbFB/l4yO4k/b9bdUkbz:SAQFuS2QFhj4yAw
Behavioral tasks

behavioral1
  Sample: Build.exe
  Resource: win7-20240903-en

behavioral2
  Sample: Build.exe
  Resource: win10v2004-20250314-en
Malware Config

Targets
Target: Build.exe

Signatures
- StormKitty payload
- StormKitty family
- Uses browser remote debugging
  Can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Persistence
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Modify Authentication Process (1)

Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Modify Authentication Process (1)
  Steal Web Session Cookie (1)
  Unsecured Credentials (2)
    Credentials In Files (2)