General
- Target: 18719D6856A09A622001F1C325067D56AFA63BD21FBAD.exe
- Size: 867KB
- Sample: 220114-pz9h1agbh9
- MD5: 39bfd2ce7cffeafc8f4d85d89fd6f072
- SHA1: 9d0df13ef8de579a2bbfba88e938a836ffab1069
- SHA256: 18719d6856a09a622001f1c325067d56afa63bd21fbad25fd23c01b2c0c67472
- SHA512: d2e4b81133cb427a52ba10cbde23ea16ed33dc0c57affc55afa0ca5bbf68e03841e258ca153c5f217fe0f4f483f3705882eb556718f9c98f508db7144b7b51bb
- Static task: static1
- Behavioral task: behavioral1 (Sample: 18719D6856A09A622001F1C325067D56AFA63BD21FBAD.exe, Resource: win7-en-20211208)
- Behavioral task: behavioral2 (Sample: 18719D6856A09A622001F1C325067D56AFA63BD21FBAD.exe, Resource: win10-en-20211208)
Malware Config
- Extracted: oski
- pplonline.org/Cgi/
Targets
- Target: 18719D6856A09A622001F1C325067D56AFA63BD21FBAD.exe
- StormKitty Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.