MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a335a711f8d6f218b2fd186d874cd807e10dbd4f532e46b6b058f5b0f8b74085. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



StormKitty


Vendor detections: 15



SHA256 hash: a335a711f8d6f218b2fd186d874cd807e10dbd4f532e46b6b058f5b0f8b74085
SHA3-384 hash: 60ae4fb4a3a9660355ec3c27853198ec9d459bd82825bb923a0258dc7a99d5a9ca3cd2b6b4d4ed54fab14cf888b091a8
SHA1 hash: ea030dd8319a4b891883c5baf7f1c4815fb85a6e
MD5 hash: 551c2c23ae63cbc9bf2b1b88cb3ecc02
humanhash: two-cup-moon-coffee
File name: ReviewandSignImportantDocument.exe
Signature: StormKitty
File size: 204'456 bytes
First seen: 2026-02-03 03:10:35 UTC
Last seen: 2026-02-03 20:41:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a60e2f996367d3f0f40289c655d2d075 (6 x XWorm, 1 x AsyncRAT, 1 x StormKitty)
ssdeep: 3072:VONzIHNq/O4Wrz5EMIjfppzJX773hivdz6yxEZA3Xcy/PI:VONUtLz6M4fzJXpC2yOmcynI
TLSH: T18814C229B61EE23BD23589B82C144FDC10F955F8F0CB9A06D3055B6A27B05B2BF7D582
TrID:
77.2% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
6.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
4.2% (.EXE) Win32 Executable (generic) (4504/4/1)
1.9% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
Reporter: qemped
Tags: exe StormKitty

Intelligence


File Origin
# of uploads: 3
# of downloads: 127
Origin country: ID
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: _a335a711f8d6f218b2fd186d874cd807e10dbd4f532e46b6b058f5b0f8b74085.exe
Verdict: Malicious activity
Analysis date: 2026-02-03 03:12:46 UTC
Tags: evasion destinystealer stealer arch-doc

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 97.4%
Tags: infosteal shell crypt sage
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a window
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a process with a hidden window
Sending a custom TCP request
DNS request
Connection attempt
Sending an HTTP GET request
Launching a service
Changing a file
Running batch commands
Launching a process
Creating a file
Reading critical registry keys
Launching the process to change network settings
Using the Windows Management Instrumentation requests
Searching for synchronization primitives
Unauthorized injection to a recently created process
Stealing user critical data
Verdict: Malicious
File Type: exe x32
First seen: 2026-02-02T15:51:00Z UTC
Last seen: 2026-02-04T17:58:00Z UTC
Hits: ~100
Detections: HEUR:Trojan-PSW.Win32.Agent.gen HEUR:Trojan-PSW.MSIL.Stealer.gen VHO:Backdoor.MSIL.XWorm.hsa Trojan-PSW.Win32.Coins.sb Trojan-PSW.MSIL.Stealer.sb Trojan-PSW.MSIL.Agent.sb Trojan-PSW.MSIL.Stealer.a Trojan-PSW.Win32.Stealer.sb Trojan-Banker.MSIL.Evital.gen Backdoor.MSIL.XWorm.hsa VHO:Backdoor.Win32.Convagent.gen
Malware family: Stealerium Stealer
Verdict: Malicious
Verdict: inconclusive
YARA: 5 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Visual Basic Visual Basic 6 Win 32 Exe x86
Threat name: Win32.Trojan.Injuke
Status: Malicious
First seen: 2026-02-02 19:50:49 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 24 (91.67%)
Threat level: 5/5
Result
Malware family: stormkitty
Score: 10/10
Tags: family:stormkitty collection discovery persistence privilege_escalation spyware stealer
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Program crash
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Wi-Fi Discovery
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Executes dropped EXE
Reads user/profile data of web browsers
StormKitty
StormKitty payload
Stormkitty family
Unpacked files
SHA256 hash: a335a711f8d6f218b2fd186d874cd807e10dbd4f532e46b6b058f5b0f8b74085
MD5 hash: 551c2c23ae63cbc9bf2b1b88cb3ecc02
SHA1 hash: ea030dd8319a4b891883c5baf7f1c4815fb85a6e
SHA256 hash: 70192cd3dafec42a02437bf1f83660e7419d8d2c4feb6da2b13611da1a9e5372
MD5 hash: d8f3c0274b7b256feda1f25132522770
SHA1 hash: 9012fea349e0ac15d0f8d65c7e6a3eb60c84d389
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: SEH__vba
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments