General
-
Target
928-60-0x0000000000400000-0x0000000000C1E000-memory.dmp
-
Size
8.1MB
-
MD5
0f4936250385bcc8b4351d2aa8215c58
-
SHA1
922584e74b72de01d6ae9fe97a5135b7206d5e06
-
SHA256
db4266a99e9f61aae0dccbc1e2225257ba2b73ed240ee4bf9c565225aac6ec80
-
SHA512
502934008cfda771e16bdfaec0c50f0d8041df947f81590d19f14b7660b254a8603352cb309715b0ac0b8fb28fe6b619ccb098eb652b927e45331649a782a247
-
SSDEEP
196608:MMtqVgxKZTclXBTDt57OuWLyCvDDSApxQLZPZyo4YKYMmNQ0zu3E2eOaGTHfi5:MMAVgxGKBTDn7Mt/LaBZy3mY0zu3RRq
Score
10/10
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Njrat family
-
StormKitty payload 1 IoCs
-
Stormkitty family
-
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
928-60-0x0000000000400000-0x0000000000C1E000-memory.dmp
Headers
Sections