stormkitty | 39b268b299acc7944e2c3081c586b84003935761f22a98dbe2086181d4e697c7 | Triage

Sharing

General

Target

builder.zip
Size

277KB
Sample

250331-c3m3ys1yf1
MD5

89a1cef24f1814a412dd34c91727a8d3
SHA1

0fa5d0c0b43b1a687900e47ad98e3d71d0fbadd6
SHA256

39b268b299acc7944e2c3081c586b84003935761f22a98dbe2086181d4e697c7
SHA512

2ea5b79ab2cb80c4092d6097871d599f1516b8be5b62a63aaf4a6645647f50e87adf8808d0fd3e601389e4c48877929ebc60b24f52903abf6005373cf833637d
SSDEEP

6144:Se0d8TDKNP9m/sadrdzIVrG+UgAWPj33K/oLRR:MymWs4ZL+F5LK/+X

Score

10^/10

stormkitty stealer

Malware Config

Targets

- Target
  
  builder/builder/Mono.Cecil.Mdb.dll
- Size
  
  42KB
- MD5
  
  dc80f588f513d998a5df1ca415edb700
- SHA1
  
  e2f0032798129e461f0d2494ae14ea7a4f106467
- SHA256
  
  90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9
- SHA512
  
  1b3e57fbc10f109a43e229b5010d348e2786e12ddf48a757da771c97508f8f3891be3118ff3bb84c3fd6bfa1723c670541667cdbf2d14ea63243f6def8f038cc
- SSDEEP
  
  768:Cr5EYZep98C87KHeBUZwrEF7b+gxfM3AkMus4iWJq9F4CRIcZwMRTIzyAt9U2:Cr59g98C87KHeBUbwgKirbdwMRTzAt9l
Score

1^/10
behavioral1 behavioral2
- Target
  
  builder/builder/Mono.Cecil.Pdb.dll
- Size
  
  87KB
- MD5
  
  6cd3ed3db95d4671b866411db4950853
- SHA1
  
  528b69c35a5e36cc8d747965c9e5ea0dc40323b8
- SHA256
  
  d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3
- SHA512
  
  e8ae4caf214997cc440e684a963727934741fd616a073365fa1fc213c5ca336c12e117d7fa0d6643600a820297fc11a21e4ac3c11613fba612b90ebd5fc4c07e
- SSDEEP
  
  1536:fU2qJ+RazRt/Kc4oJiOxFR4NdJF0/RfhF46HAoYKHgPzpS6w7fa1C9r:s2MRtrfrR+Pe/xAiAzpQ7y1C9r
Score

1^/10
behavioral3 behavioral4
- Target
  
  builder/builder/Mono.Cecil.Rocks.dll
- Size
  
  27KB
- MD5
  
  c8f36848ce8f13084b355c934fc91746
- SHA1
  
  8f60c2fd1f6f5b5f365500b2749dca8c845f827a
- SHA256
  
  a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7
- SHA512
  
  7c47f96e0e7dfaebb4dccf99fa0dda64c608634e2521798fd0d4c74eb2641c848fadad29c2cd26eb9b45acdfef791752959117a59e1f0913f9092e4662075115
- SSDEEP
  
  384:E0ve8JOuJTiC7n2NwxEXCnjB+RXcMeDz8PmR1ugLoaeuLMBG9UphJAprjEduFLHJ:E+meiCyrXOwS8uRssveum1peFLHFBbO
Score

1^/10
behavioral5 behavioral6
- Target
  
  builder/builder/Mono.Cecil.dll
- Size
  
  337KB
- MD5
  
  7546acebc5a5213dee2a5ed18d7ebc6c
- SHA1
  
  b964d242c0778485322ccb3a3b7c25569c0718b7
- SHA256
  
  7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e
- SHA512
  
  30b3a001550dca88c8effc9e8107442560ee1f42e3d2f354cc2813ae9030bf872c76dc211fd12778385387be5937e9bf172ea00c151cab0bca77c8aafdd11f7d
- SSDEEP
  
  6144:jFzzF5VOCxfiKKhsw4NiL0XRzx9WoCklyus:BdfiKI4RzWSyu
Score

1^/10
behavioral7 behavioral8
- Target
  
  builder/builder/StormKittyBuilder.exe
- Size
  
  17KB
- MD5
  
  e936b50ab766fb1fdfee7b01b3e4450a
- SHA1
  
  6b45ee8349b61604c4007e775e34c8ca45cae16b
- SHA256
  
  241b415fdfc53d5c0df654fa70cdf4ddb9df6d5cac6d42e465f521f4321ffdfb
- SHA512
  
  d3091a39156bad832f2d9faee22ddc0f3055dc2562f93a0a5ead04938b528c202a9658d02ef3f5b3f2c36f4508b970d815033cb32e18f7098629b105a1fe93b8
- SSDEEP
  
  192:haVr0QqQdHrlZ/28pGdQCOhNQuMMgKCg3t5p70fOVXIjXFEs55zh4+W/YbWnTrev:KDOghNEMcg9PZrs5HQ/YXc
Score

10^/10

stormkitty stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
behavioral10 behavioral9
- Target
  
  builder/builder/stub/stub.exe
- Size
  
  107KB
- MD5
  
  eaa8de841b67c55c023f66729791a0d7
- SHA1
  
  1c6ebfb9a9bfa35dfd698876433ae521513fca81
- SHA256
  
  1eb1ec2ae87071342c03080d209fd4983c793204a88772187c7f764c4f4118fe
- SHA512
  
  6fff0b607ed1d29344acdd85b7d4b5e64cfc03b3ad9fc9bb9fca64ccf9021d527b78f6417fd811385c37cd5905b56e03793175c37f84878ad483d0edaede92ac
- SSDEEP
  
  3072:X2ZYhX5B/BrwRlilIEtBeQ7sR9bGpxRBU6pY2z:fhX5e4l5e8u9bY
Score

10^/10

stormkitty stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

stormkittystealer

behavioral10

stormkittystealer

behavioral11

stormkittystealer

behavioral12

stormkittystealer