Analysis

  • max time kernel
    102s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18/04/2025, 02:36

General

  • Target

    2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe

  • Size

    368KB

  • MD5

    c82c31b7819148e9da1e19290c6e3aaa

  • SHA1

    85b083cc9825782bd75029513e97f0d741c52316

  • SHA256

    1052190feea6f77f7d3bd556aceaffa1ffc1a60c5f4fb047f1660fac9a065cf4

  • SHA512

    25277bf0474020ee457a379e2fb7087b9699bfc4990db2e0c2ca99b0a02338f862ee4fbab593632e24f3c1d57465344d9a14032d3c5157656d6f267f420beb61

  • SSDEEP

    6144:bsCwu+mWhJifvtNP/7YXSLB80PYjKxohR3phzaqzwtLexBopl1nMewBT:QxmIJQvPkit+asR3phzyGopl1N2T

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

  • StormKitty payload 2 IoCs
  • Stormkitty family
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops desktop.ini file(s) 3 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe"
      2⤵
      • Executes dropped EXE
      • Accesses Microsoft Outlook profiles
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:4020

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe

    Filesize

    320KB

    MD5

    d970075839354b506a8b43a64b98fd1b

    SHA1

    d4a2477547fab0f77931d27a3a5cc6fbf636413f

    SHA256

    7879fab30a835c0cb17809240c2a9ae2eedda668b6049fd43c2952760ad4637d

    SHA512

    c687e42bec8fa32c78d266ffb1919261b4bc3cba1691464b95eca9e879f6001aea662829f49d01fd3d3e438ccc2287257fdad1af5ab3221df82bfc617dbfa5e7

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\Browsers\Firefox\Bookmarks.txt

    Filesize

    81B

    MD5

    ea511fc534efd031f852fcf490b76104

    SHA1

    573e5fa397bc953df5422abbeb1a52bf94f7cf00

    SHA256

    e5fe7f327ae62df007bd1117aa7f522dbbcd371ec67953f66d786424cb1d7995

    SHA512

    f7d8e575a2332b0fbd491b5e092b7ed6b0942a5165557fcc5d215d873b05103aa6ba01843133871c1c7ac81b10182a15895be49885c98d1a379dd55f88004fae

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Desktop\OptimizeGrant.pptx

    Filesize

    330KB

    MD5

    78a13ec6379c8f1403c7579088a2c081

    SHA1

    8df8462596530408ceafdab78c173146824b0d20

    SHA256

    ac87a802ef70246c8cc1f16c75a6dba65414517882d1c32807e1694339fbbeac

    SHA512

    6d2cf5f67936c6b779bfce7fac5a49035d40f6c71b5fa14f490a510b7eacdb86cf27604ad1baed6b6b1c3a687ccaa8770f591854f8517dc28a1a0cc7915f5b15

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Desktop\ReceiveResolve.png

    Filesize

    416KB

    MD5

    fcd517b1464dd7a30b5771d4c9fe2386

    SHA1

    62953231fe85a9c8887a751724d51fe700907b9c

    SHA256

    c0194275f36576f3b05d790b98d24164be22e95a865aefbd67fc8688628ba225

    SHA512

    38fb2ee34c9e72b7323a95bf8fcd1adb5ed69e382251737ba149e4a2f3ab0418c54cec36a5aa0e8532cab14dbd45f6f101b1f0d9541060201f4c81a8612c1bed

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Desktop\SendWait.ppt

    Filesize

    790KB

    MD5

    7bad5aac116779817928dd218df031be

    SHA1

    20551c11b47bddb24ae4a6b9a484a42fbdf2a289

    SHA256

    5219df3496d32954a7f9d52c7f68e5da5ac3f25e918fbdf4c656737a01f1bdc6

    SHA512

    405441a0221824d8328d6c4062aa2ad8601fed4ae9b3bf6db7cc53201a790177bf032a0c3561d03a647bc7a2371233996495bb5c5077cb9c30d6c82bbea1ec87

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Documents\CheckpointDebug.txt

    Filesize

    2.3MB

    MD5

    8b03d2b8cfcb956ca8fc51124606ca4a

    SHA1

    72447909543e686d6419b52b3a96f90711678f9d

    SHA256

    c942c7e9dc88b88fdc02e3942ef312ac9853f60ddd91c1dc88364335bf93353e

    SHA512

    122339864d3ab992e6055456365d1283edff8a3a81d59a87daf6d9ecdb8498901282112864ba3c494a8607a600ad9cd7d14629cf884b35f1c1fe032afb668135

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Downloads\CloseUninstall.pptx

    Filesize

    479KB

    MD5

    f1a08634d29e2c5afd423323d3c2a30f

    SHA1

    a28eecc52c836bdca4b1e18085f4f79a7f963dca

    SHA256

    458c2882bf01f474d02a4e2c2f7f7a8f90dc6509ed3ad42a8bf73a099887871e

    SHA512

    b5b0c709b25cd7f8e2e1906e9261d8b74fd8e5e0abc556c784cfda6169caea00ffbbb35d137a2728d3e97e390bc531719d218b99891a00d516778da09fc790de

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Downloads\SkipUndo.css

    Filesize

    799KB

    MD5

    e4c6b466cb25ed5b06224f5c01803db7

    SHA1

    ea919370976c28c3b88288eadb86f9ff1efb277f

    SHA256

    40dad6256918ee38e7cd28b8f9e0a58b145de333a62012c1839a66005388c515

    SHA512

    a83830cf0ebd1ed455aec52ab038399f5b0f939e9864e877f389c695f8e142d78b179609632c3435683c2e484d47e926eebf36eedf8863cd0002dfa5c7591ac6

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Pictures\CompareUnlock.svg

    Filesize

    159KB

    MD5

    2af33416a1c4f4b4a91f0480eee1d816

    SHA1

    c332cc7e131634dacec0b28b130544021eb8d51e

    SHA256

    eeb02055d52e9196f4945c7aa5a5320ae78a4535bd064085366c6643c9a90379

    SHA512

    16c8effd34f3f503be40762b1bb00b51f029d8f0d3897a9e094cc35d8887d5182a5b9f61f860be65b0683f6aa7d47382145fd3879ece059fd15b3f33c32b11d0

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Pictures\ConfirmHide.jpeg

    Filesize

    254KB

    MD5

    5cb3d6865d9932c5f04a278b50b90386

    SHA1

    a563bfdf2ddac4c36cc931e16b288eead5ace3ad

    SHA256

    522855e2c8ed63f76cdd3b2ce7e71db7ac726d6845397e1f7650ec0e22b8dcca

    SHA512

    34a3af52bfcad32e4cf04af056c87ff96c5961c9fd3841d2b10e6722626c62c056bfa8d58c5f1455771734700cb7a10c999abec0c14ecb1e4c6609254745f3f0

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Pictures\ConvertToStop.jpg

    Filesize

    183KB

    MD5

    4fc72696d68b1a4ae2b46b8d4525a50d

    SHA1

    47563787e23e593626018c8fb409f45db4793a0d

    SHA256

    089922d7bf92b5717d95fc79be324dcd373853f4d0c979b86c6620b63745f34d

    SHA512

    63cc0c0e997e6787586df62f7b7f3dcca8c168cd743de32dcfbe0cf240a657107e372f1e4a01b6f325817743ecce339e7651e978094597664d291e7f2808eced

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Pictures\CopyApprove.jpg

    Filesize

    469KB

    MD5

    9e8752517a7bd858af7fd5f0fa842240

    SHA1

    a03eb9f62ac549caea1f6768a4835956368de2c5

    SHA256

    d669020b96a906b5a05826174ec7a9511896774ddc1efe2c6fe4536ff615cde8

    SHA512

    7c8c3d73b7610357ae69f5ae3c9bbcf9f2ac126ed382b2cc941d0ec1ac7aae07cc8743cb267dc6a64946bbb46ecb3d77082980617c544bfb6b96e365b24bb68a

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\FileGrabber\Pictures\ProtectOpen.png

    Filesize

    286KB

    MD5

    decdb60a58720fab417d6e6098fa5e15

    SHA1

    64ca3be5797d10bcfe231d1c4716afa7993f4d93

    SHA256

    a9bc789c79f5384b9141fc5a81006a489475748e6eaf4caa43e6a0f57b137571

    SHA512

    bcbd5165e8b2071e0e3483218ed1eeac58344d3e38778e41f4f8392324248baf0404e82a0bf37c1fa52da1133b3aecc7ab48da041529ae2bd53a246c54767b25

  • C:\Users\Admin\AppData\Roaming\EBOVWUDZ\Process.txt

    Filesize

    4KB

    MD5

    9c500723efe589911de1016bdad5a093

    SHA1

    2a8531c649d6b2e5504257c8f53815a42ebd18ea

    SHA256

    20caad4ae87e1f4a3bab60930b31b049d303efbe6dad98bcbe10abb6926f7853

    SHA512

    7b6630ed625cfe368c817e3b23427c3461a37571686bb82e519fbc3907ca26cc13dc9aaaed95ec7fff573a92b433307ade8f734f869dfc11b25995fe2a535ade

  • memory/4020-43-0x0000000006D40000-0x0000000006DD2000-memory.dmp

    Filesize

    584KB

  • memory/4020-12-0x000000007308E000-0x000000007308F000-memory.dmp

    Filesize

    4KB

  • memory/4020-13-0x0000000000F10000-0x0000000000F66000-memory.dmp

    Filesize

    344KB

  • memory/4020-14-0x0000000073080000-0x0000000073831000-memory.dmp

    Filesize

    7.7MB

  • memory/4020-199-0x000000007308E000-0x000000007308F000-memory.dmp

    Filesize

    4KB

  • memory/4020-44-0x0000000007390000-0x0000000007936000-memory.dmp

    Filesize

    5.6MB

  • memory/4020-46-0x0000000007130000-0x0000000007196000-memory.dmp

    Filesize

    408KB

  • memory/4020-242-0x0000000073080000-0x0000000073831000-memory.dmp

    Filesize

    7.7MB

  • memory/4020-268-0x0000000073080000-0x0000000073831000-memory.dmp

    Filesize

    7.7MB