General

  • Target: google.exe
  • Size: 83KB
  • Sample: 230830-wcw3qahd72
  • MD5: 0c054be03d7fa9ad3c0f14c6ef45ab51
  • SHA1: 21458aa10d5dd57690b1073c1d5afb05432ebdce
  • SHA256: ce9ac1c65559cdc5dce9321e5ec22fed14c08db278c75476e1a1ffac2e652728
  • SHA512: dab827afb25ed7b0887435ebeee9658c7770fd746ee05c303a202c237e3cf4eed1c8ed906e5b9faf21098c9ee48dd58db2e4d35d9273945698896d87fa45a288
  • SSDEEP: 1536:/AMfrTX01OrGpRZNdbv66Claewnph6Nu32dM3NAqVFSwJoEdf9b7Nha5xjDkOegi:6DewnphbBL/SwJTf9bTGhDkOeF

Malware Config

Targets

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block-at-first-seen, etc.

    • StormKitty

      StormKitty is an open-source info stealer written in C#.

    • StormKitty payload

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Enterprise v15

Tasks