General
-
Target
d744acfd989c900314f9e1bced18aaae5cdef2dde15a98512842c43f47afc315.bin
-
Size
2.9MB
-
Sample
211228-km2v6sdfb7
-
MD5
bec34a052aa8082d10b8da33fe7883e4
-
SHA1
e3f02cd8ca16879049e2e1e851432c200243dff0
-
SHA256
d744acfd989c900314f9e1bced18aaae5cdef2dde15a98512842c43f47afc315
-
SHA512
2c0718e139b214cdfe50030a49f557e4696131fcdf4c524fc8a08681f480862b6d5c3f4188130491d84eb58cf9276f371ab05fd2b2e063799aa6a4bd0a12bd3a
Static task
static1
Behavioral task
behavioral1
Sample
d744acfd989c900314f9e1bced18aaae5cdef2dde15a98512842c43f47afc315.bin.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d744acfd989c900314f9e1bced18aaae5cdef2dde15a98512842c43f47afc315.bin.exe
Resource
win10-en-20211208
Malware Config
Targets
-
-
Target
d744acfd989c900314f9e1bced18aaae5cdef2dde15a98512842c43f47afc315.bin
Score
10/10
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
StormKitty Payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-