Severity
High
Analysis Summary
StormKitty is an information stealer designed to harvest sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable information. The stolen data is typically used for identity theft, financial fraud, and unauthorized access to the victim's accounts.
StormKitty Stealer possesses several key characteristics and functionalities:
- The primary objective of StormKitty Stealer is to exfiltrate sensitive data from compromised systems. It can target a wide range of applications, including web browsers, email clients, FTP programs, cryptocurrency wallets, and more. The malware collects stored credentials, browser cookies, autofill data, and other personal information.
- StormKitty Stealer establishes communication with remote command and control servers operated by the attackers. Over this channel the operators send instructions, push updates to the malware, and receive the stolen data, which the malware exfiltrates securely.
- To ensure its longevity on infected systems, StormKitty Stealer employs various persistence mechanisms. These may include creating registry entries, adding startup entries, or using scheduled tasks so that the malware remains active and survives system reboots.
- StormKitty Stealer incorporates anti-analysis techniques to evade detection by security software, including code obfuscation, packers or encryptors, and checks for virtual machines or sandboxes. The malware is commonly distributed as an email attachment disguised as a legitimate file, such as a PDF, a Word document, or an archive.
Impact
- Data Exfiltration
- Credential Theft
- Information Theft
- Financial Loss
Indicators of Compromise
MD5
- 29a3e5a1d3864ce5b85ac5116f5ae844
- cbfca6bac76bae78506b23ef0c5f2a20
- a8f6bb96902e03a8e356c6bd5650a401
SHA-256
- 48252096cbcf7101b317519ab2c9c59302983f035c3764678060f6782eeaa88c
- 15fedc86e87841c141b113efa635ef5b7d28f7cf906597a60354cd2d3ba85e3b
- 15e2b1d8d7ec96acece7e015ec8588bec907b02945c8e20e59c1e84c039bae69
SHA-1
- 50cc73a3268ed9e343fc33a47b265c9c4cd3437d
- ec0998d7e46b457432a4de49b3dc8330ae892254
- aa68320445b3c8ba82fe34c3f2d8b8d5eb75fce6
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) listed above in your environment using your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Check for any unauthorized transactions or activities on your financial accounts and report any suspicious activities to the respective authorities.
- Ensure that your operating system and all applications are up to date with the latest security patches and updates to prevent vulnerabilities that can be exploited by malware.
- Implement two-factor authentication for your online accounts to provide an additional layer of security.
- Avoid downloading and installing pirated software, as the sites that distribute it are often a source of malware infections.
- Educate yourself and your employees on safe computing practices, such as being cautious when opening emails and downloading attachments, to prevent future infections.
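The IOC search recommended above can be scripted. The following is an added example, not Rewterz's own tooling: a small Python sweep that hashes every file under a directory with MD5, SHA-1 and SHA-256 and reports any match against the file hashes listed in this advisory. The hash values are copied from the advisory; the function names and the chunked-read size are this example's own choices.

```python
import hashlib
from pathlib import Path

# File-hash indicators copied from the advisory above (lower-case hex).
IOC_HASHES = {
    "md5": {"29a3e5a1d3864ce5b85ac5116f5ae844",
            "cbfca6bac76bae78506b23ef0c5f2a20",
            "a8f6bb96902e03a8e356c6bd5650a401"},
    "sha1": {"50cc73a3268ed9e343fc33a47b265c9c4cd3437d",
             "ec0998d7e46b457432a4de49b3dc8330ae892254",
             "aa68320445b3c8ba82fe34c3f2d8b8d5eb75fce6"},
    "sha256": {"48252096cbcf7101b317519ab2c9c59302983f035c3764678060f6782eeaa88c",
               "15fedc86e87841c141b113efa635ef5b7d28f7cf906597a60354cd2d3ba85e3b",
               "15e2b1d8d7ec96acece7e015ec8588bec907b02945c8e20e59c1e84c039bae69"},
}

def hashes_of_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests of an in-memory byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}

def hashes_of_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file, read in 1 MiB chunks so large binaries need not fit in RAM."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def match_hashes(digests: dict) -> set:
    """(algorithm, digest) pairs from `digests` that appear in the IoC set; case-insensitive."""
    return {(algo, d.lower()) for algo, d in digests.items()
            if d.lower() in IOC_HASHES.get(algo, set())}

def sweep(root) -> list:
    """Walk a directory tree and return (path, matches) for every file that hits an IoC.
    Unreadable files are skipped so one permission error does not abort the whole sweep."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matches = match_hashes(hashes_of_file(path))
        except OSError:
            continue
        if matches:
            hits.append((str(path), matches))
    return hits
```

Call `sweep("/path/to/scan")` from a host-level script or an EDR job; a hit on any of the three algorithms is enough to flag the file for isolation and further triage.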