General
-
Target
dont run rat.exe
-
Size
82KB
-
Sample
230808-e3knyaae77
-
MD5
c2201c60de54af1ae8a955ab81749a8c
-
SHA1
0688bc92cd99c3c1f462278e7cdfa3d918c4cb26
-
SHA256
3f035e1f1bf453f46e6cf2107980c906e186d1e4b54cb93558893c44b0496717
-
SHA512
036ebfee02d1bfa847d4901ca4287245387059f54b6937b36dff0121223a96b8794171520db56280d26c773a7bd71e1e05ce21f5e9b2e09957df2522736ab013
-
SSDEEP
1536:oAMfrTX01OrGpRZNdbv66Claewnph6Nu3qdM4iuYpil1Xavf9buNhSxjDkOe7y:HDewnphb9gl1Ef9bcShDkOem
Behavioral task
behavioral1
Sample
dont run rat.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
Score
10/10
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
StormKitty payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-