General
Target: llllllllllll.exe
Size: 319KB
Sample: 240331-n3sh8aah9x
MD5: e88dafe32615d5f8edc3b80b5c2a23d4
SHA1: 1ebe10f65776e1a0b6aa3f7f974535cf4d53e941
SHA256: ee3711e660260539f1fcd84f2546e0bffad1c16e08046e9218aa202f0bf4a233
SHA512: 7fa50d58922a24908e81c8a542eadab0114b44e92e2f4e2ec6edfcf1e266dea4e38a68f6bb4b36d02a0e90a84c4f5c025c150d039191a882abef256ac74dd6bb
SSDEEP: 6144:SDh4Apb/Luvs69FzUoEorJzgjWj46kxujysZo7HBCdwyauYd/VB:SDh4gbjuvs+FvE+OWj463jyIqHBCdZaP
Static task
static1
Malware Config
Targets
Target: llllllllllll.exe
- StormKitty payload
- Async RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.