MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


StormKitty


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5
SHA3-384 hash: 0aae90353d583562c8313cbb710a6ad7d503527f179aaa7f4eee646cb88e09906d259eea91d2b4bd390014a75c0272cc
SHA1 hash: 2f7d8adfb506718346d94177103d1d976380a9b4
MD5 hash: 5f70bb21955777e10ca01ead27d16b44
humanhash: twelve-king-spring-monkey
File name:5f70bb21955777e10ca01ead27d16b44.exe
Download: download sample
Signature StormKitty
Create hunting rule
File size:1'070'592 bytes
First seen:2021-07-13 12:57:02 UTC
Last seen:2021-07-13 23:30:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:H14cODw1DCZmkn0qYMrlBHgGhU96GESut3:VZODKDc6qYalBHg646GE3
Threatray 5'250 similar samples on MalwareBazaar
TLSH T103359C6C23BEA409F636FE719FA0F2759E5A7EB69225904D09C03E067431C80BE77935
Reporter abuse_ch
Tags:exe StormKitty

Intelligence

File Origin
# of uploads :
2
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5f70bb21955777e10ca01ead27d16b44.exe
Verdict:
Malicious activity
Analysis date:
2021-07-13 14:28:04 UTC
Tags:
stealer
Link:
https://app.any.run/tasks/31a93662-91c3-4b78-b061-05476b73877b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171392/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.925-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/417b33fa-a2e6-4c28-9e54-d476d774f981
Result
Threat name:
a310Logger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/815686
Signature
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file access)
Writes or reads registry keys via WMI
Yara detected a310Logger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-07-13 09:54:32 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qtaqequscqwe2i2hahudblw4xwdfgeljh4gyvr2vs3po4jumpw2q._file
Verdict:
malicious
Similar samples:
086b930d1a631edf83cfe41204603a67e9cf4661ecee97761f7dcb8f87bb6e70
StormKitty
4d7f5d6322935ee744ab4a0db255ca4720c2a64aa6760bb987349399165bb010
StormKitty
528c4017fc8019572354de7746bba7978bb1ce0c9508e42644799712fb5ea869
StormKitty
5bb1ec5f6be562ca2beec31d45c6cce4b811283b225e3f2654dbfbe5cc8f07de
StormKitty
988015476a43d916c6d49009eaa2e262246ac18eaf1615113262cd3540708450
StormKitty
c6cacd1d2bfb210318a62cabce8045f5735cd9a0e58c3aea8d3ec2174f6d7abb
StormKitty
c7607bcbc0acfdf8733dff8a4f709009236da553d300abc2d0df98b3e6c70f58
StormKitty
df54a04599bb3953ffcf067a4308e01dafe8ac2c9064bdd3fbc3a441725a06f2
StormKitty
f66e5f355ec3477cc1be168b9fec2f85d2c58106460d988dd96855f8c78b3fe8
StormKitty
fe71bef6acadf2feb1a19c9e51543be0cacb245a5ce034b7510c72912996580e
StormKitty
+ 5'240 additional samples on MalwareBazaar
Result
Malware family:
stormkitty
Create hunting rule
Score:
  10/10
Tags:
family:a310logger family:stormkitty spyware stealer
Link:
https://tria.ge/reports/210713-kb18ykaptj/
Behaviour
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
A310logger Executable
A310logger
StormKitty
StormKitty Payload
Unpacked files
SH256 hash:
7ca1e3210dc55ebf479badf96cec0985272f00c2812a95da1a4688ef54e78f37
MD5 hash:
ca9c09d5745e8ae5b9f3d6c9f1d034d8
SHA1 hash:
8ee9fa2b756c9a72c1b53e8a893d73b3c13dffe1
Link:
https://www.unpac.me/results/2a2caf75-726d-43b6-80cd-1d4d2af3d951/
SH256 hash:
5f5257e30cfc2caab058013ffc60f90fb8a5d780a14834e1371054290b7658e4
MD5 hash:
b0e14c3526d6623ae9b7b5f5e0efde76
SHA1 hash:
f7d127bff2dfb1100ebd55fdd12dfb7a2b382fdc
Link:
https://www.unpac.me/results/2a2caf75-726d-43b6-80cd-1d4d2af3d951/
SH256 hash:
e6c17d7039e97a6b2118b66456c00b8ed88943279f220acf1c9a8cbcd5d7a99f
MD5 hash:
227e714a1756d47f67bffafd5d83624a
SHA1 hash:
f3ae132caa2b0840d46deeaa10966cea67f171a2
Link:
https://www.unpac.me/results/2a2caf75-726d-43b6-80cd-1d4d2af3d951/
SH256 hash:
e08491953eaffb2cf0014f376fc54034ccb84eb3525d787a5219844a56cd6018
MD5 hash:
225751754bd01be9493ccf8932eaeab4
SHA1 hash:
cb4de3646e4d381eb3ee8ef7327ba9ed1df62e27
Link:
https://www.unpac.me/results/2a2caf75-726d-43b6-80cd-1d4d2af3d951/
SH256 hash:
84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5
MD5 hash:
5f70bb21955777e10ca01ead27d16b44
SHA1 hash:
2f7d8adfb506718346d94177103d1d976380a9b4
Link:
https://www.unpac.me/results/2a2caf75-726d-43b6-80cd-1d4d2af3d951/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

StormKitty

Executable exe 84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1447745/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/171392/

Comments