General
-
Target
2025-04-18_e2e81ef1300b970259e1339287d3125c_black-basta_cobalt-strike_coinminer_satacom
-
Size
6.0MB
-
Sample
250418-c7nkaaskz8
-
MD5
e2e81ef1300b970259e1339287d3125c
-
SHA1
c8e9f2366df39a7c07621be96a477a3c4debab74
-
SHA256
319d78b1aa7153267c5d2a6ecee8d7d02f489c9e8678742b410dd38931c8fea5
-
SHA512
85f68096cb8048c26557733c663f8667478b2d7b8b79f30f9f4bb007b0995fdd09f0c426981526b1dfe05b487c526cef58e310e45e4fde79ac99723e4e99f0fd
-
SSDEEP
98304:H0zim6BOOUPsZPF27j37dl+adKRF7xzl+qAmXEUydxjGyrrdkXu/SvFJu:UziJO3k5F27j37dsacR/zl+qIU21v1k6
Static task
static1
Behavioral task
behavioral1
Sample
2025-04-18_e2e81ef1300b970259e1339287d3125c_black-basta_cobalt-strike_coinminer_satacom.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral2
Sample
2025-04-18_e2e81ef1300b970259e1339287d3125c_black-basta_cobalt-strike_coinminer_satacom.exe
Resource
win11-20250410-en
Malware Config
Targets
-
-
Target
2025-04-18_e2e81ef1300b970259e1339287d3125c_black-basta_cobalt-strike_coinminer_satacom
Score
10/10
-
StormKitty payload
-
StormKitty family
-
Uses browser remote debugging
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-