General

  • Target

    Build.exe

  • Size

    250KB

  • Sample

    250325-bxlr9syzav

  • MD5

    0ffab76692f3b272d65457ef64be9bb6

  • SHA1

    9bc253e6039c2e7191b6486329bf1df1840392be

  • SHA256

    92df7ed4566008f0d59d658cf64bda9715f7edc1bd37bb2cb2427d07f54ca7c3

  • SHA512

    de45016d6928152b195d390d3dfcf6f5b690615b1f3252bd179bf1fc29de143d3eb0e4e6b64acbf4b5c62cba6094902c6ce340e9f6cc0309b980f900354ae0f1

  • SSDEEP

    6144:f6AfoFv2O72QFbFB/ldyO4k/69bdUkbz:iAQFuS2QFhjdylw

Malware Config

Targets

    • Target

      Build.exe


    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
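
Two of the behaviours above (browser remote debugging and the external IP lookup) are observable from endpoint telemetry, and seeing both from the same process is a stronger signal than either alone. The following is an added detection example, not part of the sandbox report or the StormKitty project. It assumes Sysmon-style events (Event ID 1 process creation, Event ID 22 DNS query) and that "browser remote debugging" means launching a Chromium-based browser with --remote-debugging-port or --remote-debugging-pipe, which exposes the DevTools Protocol to the launching process; the events, paths and the list of IP-lookup domains are constructed for the example.

```python
import re
from collections import defaultdict

# Browser executables whose DevTools Protocol can be exposed with a command-line flag.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "chromium.exe"}
# Flags that expose the Chrome DevTools Protocol (CDP) to another local process.
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(?:port|pipe)\b", re.IGNORECASE)
# Browser-internal child processes (renderer, gpu, utility, ...) carry --type=;
# skipping them avoids one alert per child of an already-flagged browser.
CHILD_RE = re.compile(r"--type=\w+", re.IGNORECASE)
# Public IP-lookup services commonly queried by stealers to tag the victim (assumed list).
IP_LOOKUP_DOMAINS = {"api.ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io",
                     "checkip.amazonaws.com", "api.ip.sb"}
# Parents for which a debug-enabled browser is plausibly interactive use or dev tooling.
BENIGN_PARENTS = BROWSERS | {"explorer.exe", "code.exe", "devenv.exe"}

# Constructed Sysmon-style events (simplified field subset); not from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\v\AppData\Local\Temp\Build.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Users\v\AppData\Local\Temp\Build.exe"'},
    # Stealer launches a headless browser with CDP exposed on a local port.
    {"EventID": 1, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Users\v\AppData\Local\Temp\Build.exe",
     "CommandLine": (r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless '
                     r'--remote-debugging-port=9222 '
                     r'--user-data-dir="C:\Users\v\AppData\Local\Google\Chrome\User Data"')},
    # Browser child process, constructed to exercise the --type= suppression.
    {"EventID": 1, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --remote-debugging-port=9222'},
    # Developer debugging a web app from an editor: same flag, benign parent.
    {"EventID": 1, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222'},
    {"EventID": 22, "Image": r"C:\Users\v\AppData\Local\Temp\Build.exe", "QueryName": "api.ipify.org"},
    {"EventID": 22, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "QueryName": "www.example.com"},
]


def _basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_remote_debugging(event):
    """Event ID 1 rule: a browser launched with CDP remote debugging enabled.
    The actor is the parent, i.e. the process that will drive the browser."""
    if event.get("EventID") != 1:
        return None
    image = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    if image not in BROWSERS or CHILD_RE.search(cmd) or not REMOTE_DEBUG_RE.search(cmd):
        return None
    parent = _basename(event.get("ParentImage", ""))
    return {"rule": "browser_remote_debugging", "actor": parent,
            "severity": "high" if parent not in BENIGN_PARENTS else "low"}


def check_ip_lookup(event):
    """Event ID 22 rule: DNS query for a public IP-lookup service. Low on its own,
    since plenty of legitimate software does the same."""
    if event.get("EventID") != 22:
        return None
    if event.get("QueryName", "").lower() not in IP_LOOKUP_DOMAINS:
        return None
    return {"rule": "external_ip_lookup", "actor": _basename(event.get("Image", "")),
            "severity": "low"}


def triage(events):
    """Run both rules and correlate by actor: a process that both drives a browser
    over CDP and looks up the victim's external IP matches the stealer pattern."""
    findings = [f for e in events
                for f in (check_remote_debugging(e), check_ip_lookup(e)) if f]
    rules_by_actor = defaultdict(set)
    for f in findings:
        rules_by_actor[f["actor"]].add(f["rule"])
    correlated = sorted(actor for actor, rules in rules_by_actor.items()
                        if {"browser_remote_debugging", "external_ip_lookup"} <= rules)
    return findings, correlated


if __name__ == "__main__":
    findings, correlated = triage(SAMPLE_EVENTS)
    for f in findings:
        print(f"{f['severity']:<5} {f['rule']:<26} actor={f['actor']}")
    print("stealer-like actors:", correlated)
```

On the sample events only Build.exe trips both rules; the editor-launched debug browser is kept at low severity by the parent allow-list rather than dropped, so it still shows up if it later correlates with something else.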

MITRE ATT&CK Enterprise v15

Tasks