General

Target: MtaSa Spoofer.exe
Size: 33KB
Sample: 240324-wd6zbaha8t
MD5: d6e54c65c404da05fc2f83bdd7a0bd4b
SHA1: 8e2a5fd728be4cd86de00a9f8e033738b1eb441a
SHA256: e740b74006ab9e292ceca14a3b8a3e7cf87bea4f2f7ea1dc6f63e4c10b19d903
SHA512: f1ec6cf2dcd835fd7d1e71cbab86e913a5baac8693be90d01116e361b32f3269d727bde9a5b2cad22695ce2ac19c63c7d2c8767b995de3bbb9f0a12bb1727b42
SSDEEP: 768:XdtAjPc3IhoI+JF7oIjmzRJKMz1QB6SRMW:It+P7oIjmzPZ1QoyMW
Static task: static1

Behavioral task: behavioral1
Sample: MtaSa Spoofer.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: MtaSa Spoofer.exe
Resource: win10v2004-20240226-en
Malware Config

Targets

Target: MtaSa Spoofer.exe
Score: 10/10

Signatures:
- StormKitty payload
- Disables RegEdit via registry modification
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (4)