Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2023-20868 – VMware NSX-T Vulnerability
May 24, 2023Rewterz Threat Advisory – ICS: Hitachi Ops Center Analyzer Vulnerability
May 24, 2023
Severity
High
Analysis Summary
StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable information. The stolen data is often used for various malicious purposes, including identity theft, financial fraud, and unauthorized access.
StormKitty Stealer possesses several key characteristics and functionalities:
- The primary objective of StormKitty Stealer is to exfiltrate sensitive data from compromised systems. It can target a wide range of applications, including web browsers, email clients, FTP programs, cryptocurrency wallets, and more. The malware collects stored credentials, browser cookies, autofill data, and other personal information.
- StormKitty Stealer establishes communication with remote command and control servers controlled by the attackers. This allows them to receive instructions, update the malware, and exfiltrate stolen data securely.
- To ensure its longevity on infected systems, StormKitty Stealer employs various persistence mechanisms. These may include creating registry entries, adding startup entries, or utilizing scheduled tasks to ensure the malware remains active and can survive system reboots.
- StormKitty Stealer incorporates anti-analysis techniques to evade detection by security software. This includes obfuscating code, employing packers or encryptors, and detecting the presence of virtual machines or sandboxes. The malware can be distributed as an email attachment disguised as a legitimate file, such as a PDF, Word document, or an archived file
Impact
- Data Exfiltration
- Credential Theft
- Information Theft
- Financial Loss
Indicators of Compromise
MD5
- 29a3e5a1d3864ce5b85ac5116f5ae844
- cbfca6bac76bae78506b23ef0c5f2a20
- a8f6bb96902e03a8e356c6bd5650a401
SHA-256
- 48252096cbcf7101b317519ab2c9c59302983f035c3764678060f6782eeaa88c
- 15fedc86e87841c141b113efa635ef5b7d28f7cf906597a60354cd2d3ba85e3b
- 15e2b1d8d7ec96acece7e015ec8588bec907b02945c8e20e59c1e84c039bae69
SHA-1
- 50cc73a3268ed9e343fc33a47b265c9c4cd3437d
- ec0998d7e46b457432a4de49b3dc8330ae892254
- aa68320445b3c8ba82fe34c3f2d8b8d5eb75fce6
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Emails from unknown senders should always be treated with caution.
- Check for any unauthorized transactions or activities on your financial accounts and report any suspicious activities to the respective authorities.
- Ensure that your operating system and all applications are up to date with the latest security patches and updates to prevent vulnerabilities that can be exploited by malware.
- Implement two-factor authentication for your online accounts to provide an additional layer of security.
- Avoid downloading and installing pirated software, as these sites are often a source of malware infections.
- Educate yourself and your employees on safe computing practices, such as being cautious when opening emails and downloading attachments, to prevent future infections.