stormkitty | 8fedd0ca0e90c113950ca9fe3685c46bc51515ff68791ef26eb87dd4da965890 | Triage

Resubmissions

19/04/2025, 22:20

250419-19hzksyjy2 10

19/04/2025, 22:16

250419-16282sv1fv 10

19/04/2025, 22:11

250419-1395gsv1ew 10

Sharing

General

Target

ColdRAT.zip
Size

20.0MB
Sample

250419-19hzksyjy2
MD5

c761941a49b0689482c063e66ec2ba84
SHA1

53c0795b52c9ecc669b6d05aca45933838df85d7
SHA256

8fedd0ca0e90c113950ca9fe3685c46bc51515ff68791ef26eb87dd4da965890
SHA512

b43b95b0fb0486e4be713fee1e7aacf9ab9702ad170f429ff6120d75d741be109bf92a29dae0fbcebe984ba05198feb763de1cadfffd7ff6ebd105b92904ee70
SSDEEP

393216:9lSeO+M2Eyea3KvSNRV7ab5Eed7Bco/8PVKa1T65MNH69+iRBds73:9lScoa3KvO6bxdVc4G565M493sz

Score

10^/10

stormkitty discovery execution

Malware Config

Targets

- Target
  
  ColdRAT.zip
- Size
  
  20.0MB
- MD5
  
  c761941a49b0689482c063e66ec2ba84
- SHA1
  
  53c0795b52c9ecc669b6d05aca45933838df85d7
- SHA256
  
  8fedd0ca0e90c113950ca9fe3685c46bc51515ff68791ef26eb87dd4da965890
- SHA512
  
  b43b95b0fb0486e4be713fee1e7aacf9ab9702ad170f429ff6120d75d741be109bf92a29dae0fbcebe984ba05198feb763de1cadfffd7ff6ebd105b92904ee70
- SSDEEP
  
  393216:9lSeO+M2Eyea3KvSNRV7ab5Eed7Bco/8PVKa1T65MNH69+iRBds73:9lScoa3KvO6bxdVc4G565M493sz
Score

1^/10
behavioral1 behavioral2
- Target
  
  ColdRAT/ColdRAT.exe
- Size
  
  9.5MB
- MD5
  
  d1dd11a93098bdea72c1d6743d26ce8d
- SHA1
  
  38535678875626a2ee2f32a786e7e671fe19c579
- SHA256
  
  22cb65ecad3abf018473b6760958414740a009ead7b968cdc3ac889a38e0427a
- SHA512
  
  b1008af59d3df4a9645bd446afdeb77dfc53634b29f56b9fc37d82e90141d243e15468f7e2532859f9702701199fcd140126ef7541e5f65505f645a32a561bfd
- SSDEEP
  
  196608:VW6NA/0Lqz6Dc5i2cklYXrE1xTqL1WrJd4KT:YWW0q6A2QTqBgv
Score

7^/10

discovery execution
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  ColdRAT/Fixer.bat
- Size
  
  122B
- MD5
  
  2dabc46ce85aaff29f22cd74ec074f86
- SHA1
  
  208ae3e48d67b94cc8be7bbfd9341d373fa8a730
- SHA256
  
  a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55
- SHA512
  
  6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3
Score

5^/10
- Drops file in System32 directory
behavioral5 behavioral6

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryexecution

behavioral4

discoveryexecution

behavioral5

behavioral6