Overview

overview

10

Static

static

10

2024-02-12...ub.exe

windows7-x64

2024-02-12...ub.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-02-12_b6171b79d074f6209ad45593fef74233_allaple_blacknet_cobalt-strike_floxif_gandcrab_gh0st_hublo_inception_limerat_mailto_njrat_petya_rifdoor_sakula_scarhikn_trickbot_xiaoba_zloader

  • Size

    13.4MB

  • MD5

    b6171b79d074f6209ad45593fef74233

  • SHA1

    2dbcaaea4307e8c52824f21f5d76dd14ffbc9306

  • SHA256

    a79fd77fb68125a4df09c38cd622225180a53db0b22423ef5faa51ba1a37f0a4

  • SHA512

    8183dd88e8c8c2952ca5fa227210edfc55a8b5bc712b1ba6af7e09318a16434399a812af292124072fb76712055aafe27ef91206135a597d369a8975620b892e

  • SSDEEP

    196608:X4A0/BZo55gBE32hifcgw+dhSh+zVuU0XNb7:X4A0/B/Bhjgw+dhHMJ7

Score
10/10
stormkittymetasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

84.205.7.83:7167

Extracted

Family

metasploit

Version

metasploit_stager

C2

35.182.213.89:443

Signatures

  • Detects Reflective DLL injection artifacts 1 IoCs
  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Detects executables manipulated with Fody 1 IoCs
  • Detects executables packed with ConfuserEx Custom; outside of GIT 1 IoCs
  • Detects executables packed with ConfuserEx Mod 1 IoCs
  • Detects executables packed with Enigma 1 IoCs
  • Detects executables packed with SmartAssembly 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
  • Gandcrab Payload 1 IoCs
  • Metasploit family
    metasploit
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • UPX dump on OEP (original entry point) 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-02-12_b6171b79d074f6209ad45593fef74233_allaple_blacknet_cobalt-strike_floxif_gandcrab_gh0st_hublo_inception_limerat_mailto_njrat_petya_rifdoor_sakula_scarhikn_trickbot_xiaoba_zloader
    .exe windows:0 windows x64 arch:x64


    Headers

    Sections