MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d88aa8b13dd489d8051baf82a5ef10973efaa31d2a485834032d529cedf23846. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


StormKitty


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d88aa8b13dd489d8051baf82a5ef10973efaa31d2a485834032d529cedf23846
SHA3-384 hash: ca216d5015b2523ba23d330cbbc1e007f3b2fd0046a50a58259622042936ade15293f01b7267ecf1093d307abbe37a34
SHA1 hash: 61d20d0bf37cd7e15042a7d2d9a868afa2af883d
MD5 hash: cde7c5dfeb156e477580638939926614
humanhash: whiskey-zebra-lactose-maine
File name:yHYWC.PDF.7Z
Download: download sample
Signature StormKitty
Create hunting rule
File size:4'789 bytes
First seen:2022-07-26 06:45:53 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 96:S5c0VsDz1QsdvNsQeFghMG5mISuz/HW+tlkj4U8vCVWtqGQHbAcX:S5fsDz1Q+oEMGk7zSGj4jqeqGQ7Ac
TLSH T1BCA17DB7AD741012ED4E03AB570DA31FA1576E2EE003A69005E03F7A6C9091939ADF27
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:7z INVOICE StormKitty zip


Avatar
cocaman
Malicious email (T1566.001)
From: "sinanozcelikk@gmail.com" (likely spoofed)
Received: "from head-called.naturescar.com (unknown [185.222.58.49]) "
Date: "26 Jul 2022 06:22:40 +0200"
Subject: "INVOICE DOCS REQUESTED MV OMSKIY-125"
Attachment: "yHYWC.PDF.7Z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
209
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Tedy.174388.419.30912.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed wacatac
Link:
https://www.filescan.io/uploads/62df8dabe18d450dc689e7a1/reports/a3862f12-4b18-44ad-94f1-8006b401cc08/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d88aa8b13dd489d8051baf82a5ef10973efaa31d2a485834032d529cedf23846
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d88aa8b13dd489d8051baf82a5ef10973efaa31d2a485834032d529cedf23846/
Threat name:
ByteCode-MSIL.Worm.Picsys
Create hunting rule
Status:
Malicious
First seen:
2022-07-26 06:18:53 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
18 of 40 (45.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3cfkrmj52se5qbi3v6bkl3yqs47pviy5fjefqnadfvjjz3pshbda._file
Result
Malware family:
stormkitty
Create hunting rule
Score:
  10/10
Tags:
family:blustealer family:stormkitty collection stealer
Link:
https://tria.ge/reports/220726-hjmkzaefbm/
Behaviour
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Downloads MZ/PE file
BluStealer
StormKitty
StormKitty payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/d88aa8b13dd489d8051baf82a5ef10973efaa31d2a485834032d529cedf23846

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

StormKitty

zip d88aa8b13dd489d8051baf82a5ef10973efaa31d2a485834032d529cedf23846

(this sample)

StormKitty

Executable exe 14d62b9dd87150bad3eafda51b5c2bd4639bd1e830fcde6254e4fe72a81b6a46

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 14d62b9dd87150bad3eafda51b5c2bd4639bd1e830fcde6254e4fe72a81b6a46
  
Dropping
MD5 24c5bd2c613102df0260befaa2b11a4f

Comments