stormkitty | cmd[.]exe | Triage

Sharing

General

Target

cmd.exe
Size

339KB
MD5

4a78d40c29579dc26ba135c01ac56158
SHA1

9c61028daf68777bbb0671036417f093078ca1d7
SHA256

23600c9b4425c2cc05a8e17adc39e6fa8c0c16983289abf2b4cae68ae6535b3b
SHA512

ada8df846dd8d0a6706b3bb0e4f5ba43f84e8ef634ac7d10370ec118537c7b33d8ce4a3e680a8d2a6593b87531819f3cfdb1cf1291ac7d2589707fc6fa0e7969
SSDEEP

3072:+m+FrFLPdIuW/cRdyYZ2r1J0ZNk5TP8VveGX5If5V8KBA2Rtml6cBLV4adiQLeIc:P+FrFPWv/eFZNk5L8V/iBV8yIRR4sOEq

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmd.exe

Files

cmd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ExosStealer\44CALIBER\obj\Release\ExosThief.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ