stormkitty | FreePhotoShop Meme Coin Packs[.]exe | Triage

Sharing

General

Target

FreePhotoShop Meme Coin Packs.exe
Size

250KB
MD5

310c1b76fbf1b164cc59a158949d24f3
SHA1

5bedfc6a6bbfbc79ec5a1510a5bb45e48ec9d914
SHA256

138b3883e8ccf6496ae1d5f9499a8dda3e46be499eed57d054d810079b91ecb2
SHA512

1f4451f9af213f4329b3b4b9c4d3069cbdee2fb8a6e82cb7494b361a3b8d907ded7b71261330fc8b21271c1414359c5955fa311c2a229e3b0179a216eb0212a8
SSDEEP

6144:P6AfoFv2O72QFbFB/lkyO4k/v9bdUkbz:SAQFuS2QFhjkysw

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FreePhotoShop Meme Coin Packs.exe

Files

FreePhotoShop Meme Coin Packs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ