Analysis

  • max time kernel
    103s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250410-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/04/2025, 02:36

General

  • Target

    2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe

  • Size

    368KB

  • MD5

    c82c31b7819148e9da1e19290c6e3aaa

  • SHA1

    85b083cc9825782bd75029513e97f0d741c52316

  • SHA256

    1052190feea6f77f7d3bd556aceaffa1ffc1a60c5f4fb047f1660fac9a065cf4

  • SHA512

    25277bf0474020ee457a379e2fb7087b9699bfc4990db2e0c2ca99b0a02338f862ee4fbab593632e24f3c1d57465344d9a14032d3c5157656d6f267f420beb61

  • SSDEEP

    6144:bsCwu+mWhJifvtNP/7YXSLB80PYjKxohR3phzaqzwtLexBopl1nMewBT:QxmIJQvPkit+asR3phzyGopl1N2T

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

  • StormKitty payload 2 IoCs
  • Stormkitty family
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops desktop.ini file(s) 2 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe"
      2⤵
      • Executes dropped EXE
      • Accesses Microsoft Outlook profiles
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:1940

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe

    Filesize

    320KB

    MD5

    d970075839354b506a8b43a64b98fd1b

    SHA1

    d4a2477547fab0f77931d27a3a5cc6fbf636413f

    SHA256

    7879fab30a835c0cb17809240c2a9ae2eedda668b6049fd43c2952760ad4637d

    SHA512

    c687e42bec8fa32c78d266ffb1919261b4bc3cba1691464b95eca9e879f6001aea662829f49d01fd3d3e438ccc2287257fdad1af5ab3221df82bfc617dbfa5e7

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\Browsers\Firefox\Bookmarks.txt

    Filesize

    81B

    MD5

    ea511fc534efd031f852fcf490b76104

    SHA1

    573e5fa397bc953df5422abbeb1a52bf94f7cf00

    SHA256

    e5fe7f327ae62df007bd1117aa7f522dbbcd371ec67953f66d786424cb1d7995

    SHA512

    f7d8e575a2332b0fbd491b5e092b7ed6b0942a5165557fcc5d215d873b05103aa6ba01843133871c1c7ac81b10182a15895be49885c98d1a379dd55f88004fae

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Desktop\CompressDeny.css

    Filesize

    604KB

    MD5

    a084821cd7a32d04856db02b2984e0fe

    SHA1

    b02f84f11abc544b0c5580aadee0a95c5e1e6a43

    SHA256

    49e5aaf9469cbb5ced240caa55c9dae8f931fb21e24345277ba7c999d45c1b1d

    SHA512

    d927349ef415f7055e441d97bceda641277f6655ac7d5ebbbdf11e6e895d51ab742861fab4f5ea97a879c3471f3a237cddd597ab2a6500a9c9cb3647bf85b6af

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Desktop\GrantSkip.js

    Filesize

    533KB

    MD5

    2c1f29e63e075e73ac8790f8a3067c56

    SHA1

    f6a9a6565c9cbb555ae01a72aa4dded781bc562e

    SHA256

    b2fccea56989e60c5225dc86d91472e80a6cae5ee4ed4f860440944d14877828

    SHA512

    db8e5f0b44006c9d86b7b7b108b92a034dd0ffea6710cd707c0c0b104dd89102f30c46719e91464472263b6594549c3f7354f6935c4f380ee7ca3dde9155d4ec

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Desktop\SearchPing.rtf

    Filesize

    408KB

    MD5

    63d0d34a770a3852a5b56d07a17d2efb

    SHA1

    0efa40edf817d4b9eec00a22c3cb38c3fa532b60

    SHA256

    7867b2cbed59cff7f9a45ed1f0a0ee3192f325e6cd9d7b11718dcf05c044e72a

    SHA512

    078f40ce94afd061e333aa4a7d376c4285dd72ca93c2be661b9aaf2dcc9a05717b3d1b5d144074d0bf4acba0f12fe0c265836690b0dea373d2048ba88bf889e8

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Documents\CheckpointUnprotect.pdf

    Filesize

    1.1MB

    MD5

    c492321e7d0df0ce9a001fa77f0e978a

    SHA1

    2013019bfdcde2a9a76f69babf7b32c8099f91fb

    SHA256

    df5c98e17da052682115b21a7ef29a480805e70ffaf96134ca71982e7941b1e8

    SHA512

    f275d9afd6f081b7ca2e8f60265979ca1b970e7bd4a6c7d05ac0f88884ecbee06b7154b2eb1634f4f9bc3b1c8f8c1b4b3a303c14851106b76922b6fb8ebb5219

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Documents\DebugGrant.pdf

    Filesize

    1.7MB

    MD5

    591e4844f294ef3c22eb804b8d7295fa

    SHA1

    e1d8df671fc2a6b76953bef525b29ff3429cc04f

    SHA256

    c7fe9c28979a2872831c779bd53f6dfc8e3c7245f3dfaf19bd108c6b1a4aa467

    SHA512

    886bfa3db74b9056e7be4d08860e974adec37fe40f2de97b65ee8a33c1f793674ee5364381cd164da83f2433e9f3a5e09a2a6ac2c2426357d7fc75ae4fa2579e

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Downloads\ConvertRedo.jpeg

    Filesize

    1.2MB

    MD5

    6a494bbad02ac2da9cfa8375a8a837a4

    SHA1

    8c3ce3514e9277b056f056ec725a28d47467a5d2

    SHA256

    4d876221a2f14eb650882e1512e847c568358af157b708eb3d4c506caa4c9058

    SHA512

    a3e437fa4dd328f04bb417285dc10735e96b749b9f5d7368465d0e5d36168d0c94ae8748948480bf5ef12ee3928d2bc3bc820fd3565970f5d4103762122735b8

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Downloads\DenyUnpublish.png

    Filesize

    992KB

    MD5

    845de8f46038dcbd9f1a3777cd7b101e

    SHA1

    64642912947db6abfef1ca8827fc2c928f0a761e

    SHA256

    eba9d80bfdd3a4fc0fa6ac9d41c200efa7891c70b02a8016dc006aadc4ecb1bf

    SHA512

    f66f6aaa92aa8c8d02d215c6e4af171bc00e670136e83aeb1d432520c7a5e3b355572eaba3306346c7a9dca28036ba9c323e460eaa58592d98be3f34b9a1d2ce

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Pictures\ConvertDeny.jpeg

    Filesize

    278KB

    MD5

    58efbcbd745ca47bed988d12e1eb06ce

    SHA1

    9a5bf424f94efc19a5504894f164b163f1a616a8

    SHA256

    8c9cfe777968ef3cbfd44d76ebd563b4a33b5d6210adb2039e71d93dbdf15eb6

    SHA512

    8511e8825e4c4547c280992dc6088d7ecdfafcc83df0547173a017811eb35b748fc4a87376f45f73be9d63b31cbbf9164475b746e2ed3aae2c4ff809b5bd6fbd

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Pictures\ConvertToReset.bmp

    Filesize

    480KB

    MD5

    dc771cddaf65d5393553144bdce828c6

    SHA1

    c814e12b2cf603461398c86de913e15120e3fe3a

    SHA256

    bc8f2d377d698b32d1d75910c3beff2dde1ec7d1ddb7d2b0d4ebf6ac982c2678

    SHA512

    663d32f62ed27c921364dd4c0c209d85796138cdba73e4a49ea277c898fb850e996dd87cbb90ee70d84faff3b6e2d5111030c7b89e9e07c3e7e9974b231612cd

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\FileGrabber\Pictures\DisableUnprotect.svg

    Filesize

    556KB

    MD5

    3627a1c42f7b684c711c7e61c8edbacf

    SHA1

    bd1a354600fe89631296823851251cf93970505e

    SHA256

    2a55cdb461aceaa451ca2c692704d2f857632061c751eeb54b317bcd9f4f3324

    SHA512

    6195a964fc833b74724564c6ea78586b1e64b0d06fdb48da96790571be59610aca81afa4b7137cb19d6bf61ff1a0386a198bcdd2890e1f4eb9daa24535da8249

  • C:\Users\Admin\AppData\Roaming\QGYALJKP\Process.txt

    Filesize

    4KB

    MD5

    64c32b8c21bdbfdb22c42fcdc3bfc834

    SHA1

    248e716d0bcd647a4c6ca4a00159a55d4649c161

    SHA256

    1eac2e5b33f230233a9709462e02c55743c80b72938f59859724edeae9111eb6

    SHA512

    37aad1a086536e99130dddbdeb3fdadc5ebcfd5b353963411a680f542229ce527768fbc05608c10c838ddd94ecdf3c5acb5b8e594d4620af29129156e0e80715

  • memory/1940-39-0x0000000006040000-0x00000000060D2000-memory.dmp

    Filesize

    584KB

  • memory/1940-13-0x0000000000450000-0x00000000004A6000-memory.dmp

    Filesize

    344KB

  • memory/1940-12-0x0000000072D0E000-0x0000000072D0F000-memory.dmp

    Filesize

    4KB

  • memory/1940-14-0x0000000072D00000-0x00000000734B0000-memory.dmp

    Filesize

    7.7MB

  • memory/1940-208-0x0000000072D0E000-0x0000000072D0F000-memory.dmp

    Filesize

    4KB

  • memory/1940-40-0x0000000006690000-0x0000000006C34000-memory.dmp

    Filesize

    5.6MB

  • memory/1940-44-0x0000000006510000-0x0000000006576000-memory.dmp

    Filesize

    408KB

  • memory/1940-240-0x0000000072D00000-0x00000000734B0000-memory.dmp

    Filesize

    7.7MB

  • memory/1940-265-0x0000000072D00000-0x00000000734B0000-memory.dmp

    Filesize

    7.7MB