General
Target: Katana.exe
Size: 4.2MB
Sample: 230507-k32v4sdc57
MD5: f535b8e4c0387ad3311772ed6e203da3
SHA1: 3d32e3e014d7f715f38ccab88522ebd0385f0d44
SHA256: 43356d754fb7ddeb493c95127122e3ee6126d8408936e7b8cbc7c5554efca1bc
SHA512: 5c6eb9375474d148905b6bfcdd8520b86a1ef2936ae54ce363ff76bdbd770ad621e28f57c54807a78dcb42244752179c7cfe7cfc66606a29d930465e524f8ade
SSDEEP: 98304:c6ecDDnS/05ocJ2mTYmFxMEpBhU6JxzXn0s6Hr+0Eeghkzhhc1uw3KHtKI3HHAiZ:c6ecDDnS/05ocJ2mTYmFxMEpBhU6JxzE
Static task: static1
Behavioral task: behavioral1
Sample: Katana.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Katana.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: Katana.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- ElysiumStealer: ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
- ElysiumStealer Support DLL
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- AgentTesla payload
- Loads dropped DLL