General
-
Target
ChMetamask.exe
-
Size
1.3MB
-
Sample
230327-mepxrafa5v
-
MD5
e7529d32d963da6df89e3ffc6b14cd08
-
SHA1
4a11070ee8c0030ffdcf299e2b49d180e1890f57
-
SHA256
75883a7761887acd7afab7f2acc4f48fe72ff32577397a3c6786ded83db1e57b
-
SHA512
35c220822e24eb8d5b5fef18fd2b7f57b73ab61102632007af89bbe4b9eaca814e817adf6fb0a830c08928cb50e649cdb2da1c5550797ff4b1b377e9ffa99156
-
SSDEEP
24576:HWiMngrdePNzQ0ZIxNXaV9x4IUgs36BUI2So5+jnzFoCaGApu8L:qgReFs0ZM0T+Sk6BU7HIFo7G98L
Behavioral task
behavioral1
Sample
ChMetamask.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
ChMetamask.exe
-
Score
10/10
-
StormKitty payload
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-