General
Target: Build.exe
Size: 250KB
Sample: 250325-bxlr9syzav
MD5: 0ffab76692f3b272d65457ef64be9bb6
SHA1: 9bc253e6039c2e7191b6486329bf1df1840392be
SHA256: 92df7ed4566008f0d59d658cf64bda9715f7edc1bd37bb2cb2427d07f54ca7c3
SHA512: de45016d6928152b195d390d3dfcf6f5b690615b1f3252bd179bf1fc29de143d3eb0e4e6b64acbf4b5c62cba6094902c6ce340e9f6cc0309b980f900354ae0f1
SSDEEP: 6144:f6AfoFv2O72QFbFB/ldyO4k/69bdUkbz:iAQFuS2QFhjdylw
Behavioral task
behavioral1
Sample: Build.exe
Resource: win10v2004-20250314-en
Malware Config
Targets
Target: Build.exe (250KB; the MD5, SHA1, SHA256, SHA512 and SSDEEP values are identical to those listed in the General section above)
- StormKitty payload
- Stormkitty family
- Uses browser remote debugging
  Can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution: 1
  - Netsh Helper DLL: 1
- Modify Authentication Process: 1
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Modify Authentication Process: 1
- Steal Web Session Cookie: 1
- Unsecured Credentials: 2
  - Credentials In Files: 2