stormkitty | 190125d18f0c710d42a53fe230fa6e18568a35150ba34e6b880fd709f0a82598

Sharing

Copy URL

Twitter E-mail

General

Target

190125d18f0c710d42a53fe230fa6e18568a35150ba34e6b880fd709f0a82598
Size

558KB
MD5

f1be3a3edf5bf5e9343bd71cd39d6a1d
SHA1

9fe9268163a4aacf93f287c5ddfe6b79a44d0688
SHA256

190125d18f0c710d42a53fe230fa6e18568a35150ba34e6b880fd709f0a82598
SHA512

43fa1ed4a139141a5b3967fb22b1a55d8efe68df81815f839a7638962e017f4cb6db1ab7ccea27720034946c9423c4c15fa11709a05891de5ac2e3a91020e3e7
SSDEEP

12288:/m/Q6P8j/svm1TXI5tZByKLBwiZlzMB9xgndcP88DvvP:/0P8j/svqAOG6iZ2BLgndcE+vvP

Score

10^/10

stormkitty

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_Binary_References_Browsers
Detects executables containing bas64 encoded gzip files 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File
Detects executables referencing Discord tokens regular expressions 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_EXE_Discord_Regex
Detects executables referencing credit card regular expressions 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_EXE_CC_Regex
Detects executables referencing many VPN software clients. Observed in infosteslers 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_EXE_References_VPN
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Detects executables using Telegram Chat Bot 1 IoCs

Processes:

resource yara_rule

sample INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
StormKitty payload 1 IoCs

Processes:

resource yara_rule

sample family_stormkitty
Stormkitty family
stormkitty
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

190125d18f0c710d42a53fe230fa6e18568a35150ba34e6b880fd709f0a82598

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Discord_Regex

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_CC_Regex

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_VPN

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_TelegramChatBot

resource	yara_rule
sample	family_stormkitty

resource
190125d18f0c710d42a53fe230fa6e18568a35150ba34e6b880fd709f0a82598

Files

190125d18f0c710d42a53fe230fa6e18568a35150ba34e6b880fd709f0a82598
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 555KB - Virtual size: 555KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 555KB - Virtual size: 555KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B