stormkitty | 5b2415107c80165c255d444ca76ac2b1b422e5f4a1661380c39504139b75867c

Sharing

Copy URL

Twitter E-mail

General

Target

StormKitty.Builder.zip
Size

5.5MB
Sample

250417-wbh5gaynx7
MD5

0c0015680539af7ffb68272b800db5f6
SHA1

2b0c7294ee81a20fabef2c936fca56a82b8cfbfe
SHA256

5b2415107c80165c255d444ca76ac2b1b422e5f4a1661380c39504139b75867c
SHA512

570c6d16bb7d02ffdef3e1ebbfc036a7900d78f931e1f0ec0eb53b3cd04f2a266a942801fddadcb43351ee8642596ee01feac2dfe8445a5437d4c2720597528c
SSDEEP

98304:C4kt1M20VX66e1GPLgbQBhHGtgsNoN0DtIrw5ntEhZCn/lLiWO9r28BHXHk95D5J:nE+OGo8BGasNo8cw5+CskIXE/Dcw

Score

10^/10

Malware Config

Targets

- Target
  
  StormKitty.Builder/Builder.exe
- Size
  
  40KB
- MD5
  
  766b531d3ea87df07f4a30478e0b6fea
- SHA1
  
  3a723efa352eff3421bb1a6fbee9aac3c68a56bd
- SHA256
  
  d3cf46a48919b2e21163ec3a38b3212eb2a130c0c58e9797590d0ef1767583d8
- SHA512
  
  a8ba8f652cf030daad7ef4971b41253cfe57717b70c4aeed0ce1689a73d6d92562185e9b9aa672f6da1ce4ab476b152d08026060ed41d1b97f19044c135b4742
- SSDEEP
  
  384:gWSeROQvTrHR5szYa/Yw2MX1nHmFrooooooooooboooooooooLzyCWS/h4:xzjTDHsz/YSNyeyD04
Score

1^/10
behavioral1
- Target
  
  StormKitty.Builder/Mono.Cecil.dll
- Size
  
  337KB
- MD5
  
  7546acebc5a5213dee2a5ed18d7ebc6c
- SHA1
  
  b964d242c0778485322ccb3a3b7c25569c0718b7
- SHA256
  
  7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e
- SHA512
  
  30b3a001550dca88c8effc9e8107442560ee1f42e3d2f354cc2813ae9030bf872c76dc211fd12778385387be5937e9bf172ea00c151cab0bca77c8aafdd11f7d
- SSDEEP
  
  6144:jFzzF5VOCxfiKKhsw4NiL0XRzx9WoCklyus:BdfiKI4RzWSyu
Score

1^/10
behavioral2
- Target
  
  StormKitty.Builder/icons/nord/Folder - Favorites.ico
- Size
  
  23KB
- MD5
  
  662b77d3b2c6d29dd29b2e23da67dab3
- SHA1
  
  d249c819b9cda535420e2956740107328e7e247c
- SHA256
  
  c3402a5d67a2b3a360a3c275805fcf75b9c2343d0c97f7a9c8448ac97e29410c
- SHA512
  
  f6bf65c212570023881aa8911977e92aa511a52173dd2835f58c078077c8a9c01b9952985ef283fab45230ea00e17a511acaa0cb30ebf3533d873fa0c0b19fb2
- SSDEEP
  
  384:WDuQWPYHleKilluIgImIm80KiMyc6f0sKUIHTIqILIMIAI9IuC/V+SeTHIbMwt4Z:WfZHktBC/wSeTobMwt4XR6EQiZTg0H
Score

1^/10
behavioral3
- Target
  
  StormKitty.Builder/obfuscator/Confuser.CLI.exe
- Size
  
  28KB
- MD5
  
  f03e1cfb8bfed0b793243a3fe5b19588
- SHA1
  
  686baab670836df515af6131e1e89737b13d503d
- SHA256
  
  2b3e5cb7f96589e5377700a5f7f25e9fc6a14539e85256e6ac6e85c07f769f61
- SHA512
  
  a57f3807a9064288080e8585d6193d184015ae832c91d4a1ed5f89070ceaddf00fede0727869c31045cd46c1fd5fef6b7baf9da7869cb80950b08dfb141fe051
- SSDEEP
  
  384:9pFyvbsul3krz2AmtZ1TltphRieCcJObGPIj8SC3sY75Y+wGIQlWqj8z9DV+V/8O:9f83k32AWH9hgbNzI5VogBji15/kHX
Score

1^/10
behavioral4
- Target
  
  StormKitty.Builder/obfuscator/Confuser.Core.dll
- Size
  
  179KB
- MD5
  
  b55534baec3ed55e42d9bf240073e8b8
- SHA1
  
  717b69eafed93ddfccb8ffd866351ec236824e6b
- SHA256
  
  05672d22e3158e033e6a8990591311220f8efaa2c6159cccc6d08e8fa128f498
- SHA512
  
  27b9fc3aad0e6c710f1ff719f037e4785596b645faddc41e94d643bf9979da71d3b65b460a0fd9dad4d0079cb2fb1388675c9f1ef1e4677e898504244155a80d
- SSDEEP
  
  3072:kZHMUz2+yLcxf0YXmIG3cu0csGFc+Jp0hFhbEiSXB8BpOmdlrWLpYaOj4lf+Q1e:u1z2+yLAsuG3cu0csGFc+JkF1WYYjR+
Score

1^/10
behavioral5
- Target
  
  StormKitty.Builder/obfuscator/Confuser.DynCipher.dll
- Size
  
  46KB
- MD5
  
  34c77aee4f10e87cd655b26fff5e2898
- SHA1
  
  87c09d032fe0be6e18e561691702132c1b68c7da
- SHA256
  
  f146b894d5b8725b59124f313970fa9cb897ea6a09f2fe093e36832874f85674
- SHA512
  
  5bde380fcfce5f62721a014d37fcc37787ab74795f5afba0e808408ce7163c5b4dba5ea7c91eedb8a3dc57621ee7ee1ef84e8d7778eaceb9d8aa4b2255d1a953
- SSDEEP
  
  768:5GQQiCe6tUSZiOcZ6i/g0gJaMzddddddddddddddxddodTDEdFddEdEdUjdrJFdQ:5gip6liOe6YWFzddddddddddddddxddB
Score

3^/10

discovery
behavioral6
- Target
  
  StormKitty.Builder/obfuscator/Confuser.Protections.dll
- Size
  
  128KB
- MD5
  
  ed24fd75334b55be2728407eecb8c61e
- SHA1
  
  92ffa769d3ecbb8f02eda77c87fe75b291b73e8c
- SHA256
  
  a1d689aa8cc4b239e34fa97f9713f0ef9fe1b2ae26297818ea5edac9721b0d36
- SHA512
  
  c51031520b52e5bb1f53af21f3d2e3f1eebc17619d2b16961ce9f63c913a47c6bced2c68f1cbb8d919e64b5fbdc5f3695e40aed15a62d9dd87fb07ef59ac08af
- SSDEEP
  
  1536:ap6vUdXA6rWPF0kNq86q1Rq7y//stUxFXRzRQ2BmiwM6DipT829iT8AjDNlN4:k5ADP+kNF6q13/UtsFXddB829i7lN4
Score

1^/10
behavioral7
- Target
  
  StormKitty.Builder/obfuscator/Confuser.Renamer.dll
- Size
  
  303KB
- MD5
  
  5f2523c16e9509e66e243c533e9d1429
- SHA1
  
  2264222525f4a28d127f890fec0911d443424cc2
- SHA256
  
  61f2780c0823c10aecf3e1df2d422b3ea1f1d286652668bd06790496e22fdfc2
- SHA512
  
  1d4638905f728894c80b2878d59e0bb69a8777f7d79a75ba7980663d3d12367257211cd3b301ccd7d3b2c58a3fd8f95fb90189c7c8236b4a3b717b78b859b764
- SSDEEP
  
  3072:eWdJgCtrmGkMrMAi3nfVqJ2z4xLB5hpcJa2ocDv9jPSj6LU/th183cok7NYZ1//e:ndxtKVYnpcg3jpShq
Score

1^/10
behavioral8
- Target
  
  StormKitty.Builder/obfuscator/Confuser.Runtime.dll
- Size
  
  42KB
- MD5
  
  43afbe110d9d9e4bc930137e3d7a76f2
- SHA1
  
  b7b42a04b2876095cdb1fa786d193119b0187e85
- SHA256
  
  df47f392af638f6abc0b1d4588a092c34e2b5bd4c9dd55bee0588aa8d1095dce
- SHA512
  
  d6a534531854fbe69ac64a587cb5ca093a70cfe3117e9713e2fca59226106b96123d4f74655f6751852d38de424f3d9cc9ba4a8f4be44ba25f1ef5a23f794034
- SSDEEP
  
  768:NVa33blIUOFjFjYxSjA4firWWy75sJUJ0cVSecNvRj2luQWKtsM7M3Y7IVqwocsq:NUZ4f2q5OUJfVJcpK1Y3Y7IVqwocCK
Score

1^/10
behavioral9
- Target
  
  StormKitty.Builder/obfuscator/ConfuserEx.exe
- Size
  
  387KB
- MD5
  
  4c1e657978a4e3541fc918111fe1cb45
- SHA1
  
  96e4d1267e188c9038ef77a6a53f8e184e246afa
- SHA256
  
  25f62aebb3b5b770109f428a4bde2ae5de0c6a7820a4239935df6a011d388047
- SHA512
  
  27c91d0aa4b017a3e7c2cf05ceb53aea5c6b4fe5bc3ff324c4e31853982d1305c906c1064efed8a0a0def969dc52e07ae9ae8c71bd5aadfa663e85c7a33ae1bc
- SSDEEP
  
  6144:CCX7SpYHHTBozY8VwaWUdL1w3o6qUjIp6uWd:CxpYHHTObVwaWs+3jjIsuc
Score

1^/10
behavioral10
- Target
  
  StormKitty.Builder/obfuscator/GalaSoft.MvvmLight.Extras.WPF4.dll
- Size
  
  25KB
- MD5
  
  c3da80ccd3f75aa501b1fdfc4c84356a
- SHA1
  
  dfeee09dda1459817d38f815179a70e14b4ac80d
- SHA256
  
  3bedc71f4e45b886f7d3b26d64dd8d3c476967f867c1db6df72aaea04749e3b5
- SHA512
  
  659f0a047e9f5790642dbd79ad3a7b8bbea4ccfe2fc1bd200adf13a52b65decde3d2348772f94c2bb3d70278988ae400bbf89fa8e8d93dde6919cc0722afcfdc
- SSDEEP
  
  384:6Taz9Dvrbn00XZcEMqjou+l2byXNBJKZLYkzsYLydvo1PyvqAjMu:YqP00XRMqx+l2byTwHPLavo1PqqAjMu
Score

1^/10
behavioral11
- Target
  
  StormKitty.Builder/obfuscator/GalaSoft.MvvmLight.WPF4.dll
- Size
  
  28KB
- MD5
  
  9f02cf4213025fbc586911f0f21f9326
- SHA1
  
  7a36bbc1631d5c58c389ab1504defd4c5b455dab
- SHA256
  
  1b38a543efc299dc4ad2ba27a80f75f372a3946035bf9f3e429cda6548d855a0
- SHA512
  
  e9835b7ebd83505cbe3ae3c2a7f650fed07542ae9986b6a249b9fc034cb4e2cdc878bb9401314b563e2c9f4d405d1827fc9a240fa754cbce48cb704defe78feb
- SSDEEP
  
  768:2S9I2WCOryU9syVui9hOJ7AgjOfTqQnGG59O4kAdMxqqAVs6B:lLOryU9sy1QOq9G5QgAVAJ
Score

1^/10
behavioral12
- Target
  
  StormKitty.Builder/obfuscator/Microsoft.Practices.ServiceLocation.dll
- Size
  
  17KB
- MD5
  
  e834e45855e8d220b0c5d0c1cac24e44
- SHA1
  
  d8aaf831cf5b90a206ee9348386a72498af0c0ee
- SHA256
  
  78ac70411c71b7a0c68fe8746edd3f3a8cd3f72044b329a40ab53c57891be37d
- SHA512
  
  f91a3fa6d522ad5f977af744618d5adc1a6caea0645d870e10962e00c03534cc3a9fa1d82001627f5b6fc3186bd51e3e69d16dd689c5e7cd4d84ac66ae9a63f3
- SSDEEP
  
  384:U0xk42ZtyyslnQyrgbPyIH/rFzsX+cAW++2Wx1q//0GftpBjIc0:DVegwRe+c3S8iC/
Score

1^/10
behavioral13
- Target
  
  StormKitty.Builder/obfuscator/Ookii.Dialogs.Wpf.dll
- Size
  
  101KB
- MD5
  
  0639ef1897705ee546e1580bc33d8286
- SHA1
  
  894df794d1ff2ae657bc0c5ac3d4f7f64a91e0c2
- SHA256
  
  1e39859b4c14afabbef8b3c3ad2607524148757fdb25bd1b2d801facebd5032f
- SHA512
  
  d0cf4fb5b5b923b97b3ad343031b257acceddbb06dd5bb67106d2d75ad7a5f56cd97c849eacd245e4c760453db78d252cd0c755e7274b42fb272b4ddd3aef3ef
- SSDEEP
  
  1536:jV8mYEiU5uh8sm6b0HR4+mDe1ZcmzAyHIuciBwKaHSWhqrbB3/G2y:x8mYEioo6ZjPcuci2Sd9G
Score

1^/10
behavioral14
- Target
  
  StormKitty.Builder/obfuscator/System.Threading.dll
- Size
  
  378KB
- MD5
  
  f5ee17938d7c545bf62ad955803661c7
- SHA1
  
  dd0647d250539f1ec580737de102e2515558f422
- SHA256
  
  8a791af9e3861e231662b657098a823b21a084cbb6a4901d6ccf363405849a78
- SHA512
  
  669a89ad811cda4f3ff4aa318aa03e26e4cb41ea22bc321bad02a671273d867cbd223a64bb30da592a5484a9f1cec77c96f5bf63b1fe586b6d3688b8c9da530c
- SSDEEP
  
  6144:mH4bNycoylcQQAzB0ebN+pM4CHavptCyO3mEQGS/eoO4:mYbNWQQAzB0e176veD3mPh/O4
Score

1^/10
behavioral15
- Target
  
  StormKitty.Builder/obfuscator/System.Windows.Interactivity.dll
- Size
  
  39KB
- MD5
  
  3ab57a33a6e3a1476695d5a6e856c06a
- SHA1
  
  dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7
- SHA256
  
  4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876
- SHA512
  
  58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92
- SSDEEP
  
  768:6MazwAgR8/XJ665bKZdxuB8DCuL5enM7JxKjuMlZCZN+R0E7E:63wBccZdxuB8mQen6JxKjrlMZgR0Eo
Score

1^/10
behavioral16
- Target
  
  StormKitty.Builder/obfuscator/dnlib.dll
- Size
  
  987KB
- MD5
  
  458edca81ac9e413253f0903312502ff
- SHA1
  
  0abf87a4dabf48d3905b32365bd4608f1956c226
- SHA256
  
  4643b49bc48eaadd3470f6771e6bb26b42cabf700c96c9cb53dbcaf8fd26f281
- SHA512
  
  a71fc4e48b61a24c25c075dc7a91518c05a6f9198d051649323b223d14efa23b838aca708f3c3ddf7bee2d2a05a74d9118c7fa3eeb9050265588653962d5d6d4
- SSDEEP
  
  12288:2wyN5Hrnnh4AofcmqIj7KOlBsSwrgCHpGUmg7ns5CEFwOV+CT9Uxdo7yJWzygdnG:g9hSf7j+msJkihUZ7T9Uno7yUmgdnG
Score

1^/10
behavioral17
- Target
  
  StormKitty.Builder/stub/AnonFileApi.dll
- Size
  
  136KB
- MD5
  
  ff2ec80291092caf5ae9b0daa0800b33
- SHA1
  
  068f8f28f72f36aa11f4196c7a7ea83f2d15dd76
- SHA256
  
  86bccabb160c21fcfe903f6af79d6b93f0d063456991ad95ae18e713944253b3
- SHA512
  
  e348c64b93f755c1e0beb92dca7a74cd244a1803087060a7e258fb44c13e8cc78b92cf8927d49cc18311f0a307fb67d98d8570a60fff6c78535714c30bd9bd83
- SSDEEP
  
  3072:tKja+V5I1Q3ugfYS37vSFrjmebd/muNxwelmBXplcE6H:tKf7+BjmFucelIX/k
Score

1^/10
behavioral18
- Target
  
  StormKitty.Builder/stub/DotNetZip.dll
- Size
  
  448KB
- MD5
  
  6d1c62ec1c2ef722f49b2d8dd4a4df16
- SHA1
  
  1bb08a979b7987bc7736a8cfa4779383cb0ecfa6
- SHA256
  
  00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c
- SHA512
  
  c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2
- SSDEEP
  
  6144:FuCIjOL8qwWN/jMlC/XiapWSu9vnITVxGtSV41kJDsTDD5rlGe6wfxLV/7:dZLJLdvOSsnjS4csBrge6sf7
Score

3^/10

discovery
behavioral19
- Target
  
  StormKitty.Builder/stub/stub.exe
- Size
  
  162KB
- MD5
  
  6188b32ca9ed89d853828e296f91e645
- SHA1
  
  cc5c8fb4f47fe099efb0b95077c8e4085f38c2a9
- SHA256
  
  5bf4902802bcc524679c47555f85e230b55829caef5cd3777250f952a0f4c967
- SHA512
  
  b3144d2fe64b5cdd515f821d58002d61916dff077392fb63288afe23ba5146f4816e4a77efadae2d25ad60dd216ed2d4fb936bc83dd489cf0b31bdc5d633557f
- SSDEEP
  
  3072:lbFkgvl9fFe5d06h807F9b8RWYc4KlGUSjw0Dekslg1p:lSgvl945d9Vx9bMaGYl6
Score

1^/10
behavioral20

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20