General
Target: 4782599732625408.zip
Size: 212KB
Sample: 220127-17cd1sccd7
MD5: d330bdf4983312cd6a5fd631acae8b44
SHA1: 3c8dce8265270f9e17ee175218e943f47010a061
SHA256: d6574989f310b3149c17c3e1163d0fb0b4f2fc8328bcc24035c04ea6523b7dee
SHA512: 92a567d4ab4ab21eade04ae7966fdaee3baf2be2709dbc99b6b4c0906d716715745a9c57aa7d441ef2f82ea099bfbc660c96a24e3bf9cd9bd5b645c8be830db2
Static task: static1
Behavioral task: behavioral1
  Sample: Quote_PDF.vbs
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: Quote_PDF.vbs
  Resource: win10-en-20211208
Malware Config
Targets
Target: Quote_PDF.vbs
Size: 444KB
MD5: d9f992f8020aa3a3bf5053657ae2b4e1
SHA1: 04862f6295b1f63466eac99adbe9f28f678b4aab
SHA256: 8dba6450d3ff2ac99d519d8f75affdcbb25bf5743e265246e0bfedd60a325a28
SHA512: 1f632773295db7dd8a30370a66f29bbcd10485f0483b616ae6e736020d6144cb345e992cd6101da50c70ae078d79de42afd9b1b6e33fd90ced49b0e81207199a
Score: 10/10
Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
StormKitty Payload
Async RAT payload
Executes dropped EXE
Drops desktop.ini file(s)
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.