General

  • Target

    dont run rat.exe

  • Size

    82KB

  • Sample

    230808-e3knyaae77

  • MD5

    c2201c60de54af1ae8a955ab81749a8c

  • SHA1

    0688bc92cd99c3c1f462278e7cdfa3d918c4cb26

  • SHA256

    3f035e1f1bf453f46e6cf2107980c906e186d1e4b54cb93558893c44b0496717

  • SHA512

    036ebfee02d1bfa847d4901ca4287245387059f54b6937b36dff0121223a96b8794171520db56280d26c773a7bd71e1e05ce21f5e9b2e09957df2522736ab013

  • SSDEEP

    1536:oAMfrTX01OrGpRZNdbv66Claewnph6Nu3qdM4iuYpil1Xavf9buNhSxjDkOe7y:HDewnphb9gl1Ef9bcShDkOem

Score
10/10

Malware Config

Targets

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring and block-at-first-sight.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
