General

Target: googlechrome.exe
Size: 83KB
Sample: 240503-ng65gsdc6t
MD5: ebd777183fe6d13de63d12decad546c7
SHA1: 807cb8f56e9143e2144071f26c70b3ebdb6e1927
SHA256: 7ea06aaeaf6d72d04cbc3d94beb8b639b65ec2ee0e5cb4816cbff28790537f88
SHA512: 8650c4873b36a70af1ce4887121de957606fdf381205fee88b26de00069040cfafd8a4bf5668677ddfed1ac7654aeaa258fa93954f86594d31ba50298adb188a
SSDEEP: 1536:EAMfrTX01OrGpRZNdbv66Claewnph6Nu/FJdVK5uYpiVpXwvf9bPNhlxj0kOe6D:DDewnphDF0gVpCf9bXlh0kOem
Behavioral tasks

behavioral1: sample googlechrome.exe, resource win7-20240221-en
behavioral2: sample googlechrome.exe, resource win10v2004-20240419-en
Malware Config

Targets

Target: googlechrome.exe (83KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10

Signatures

Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc. The signature is static (it fires on the code being present); whether the change actually takes effect depends on the process having the rights to write the HKLM Defender settings and on Tamper Protection not being enabled on the host, so treat it as evidence of intent rather than of a disabled AV.

StormKitty payload

Adds Run key to start application
  Persistence via a Run key: the application is relaunched at the next logon.

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP. On its own this is a low-confidence indicator, since plenty of benign software does the same; it carries weight here only in combination with the Defender tampering and the Run-key persistence.
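The three behavioural signatures above map directly onto endpoint telemetry: a registry value set under the Windows Defender keys, a value set under a Run key, and a DNS query for an external-IP service. The following is an added example of detection logic for those three behaviours, written for this page and not part of the sandbox report or its vendor's tooling. It assumes a simplified event shape modelled on Sysmon event IDs 13 (RegistryEvent, value set) and 22 (DNSEvent), a list of well-known IP-lookup hosts (the report does not say which one the sample contacted), and the documented registry locations of Defender's real-time and cloud settings; the sample events at the bottom are constructed to resemble what the report's behaviours would produce, not captured from the run.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Registry paths where Defender's real-time and cloud settings are stored.
# Assumption: the sample reaches them directly or via Set-MpPreference.
DEFENDER_KEY_RE = re.compile(r"\\(Policies\\)?Microsoft\\Windows Defender\\", re.IGNORECASE)
# Defender values where a zero means the protection is turned off.
DEFENDER_OFF_WHEN_ZERO = {"spynetreporting", "submitsamplesconsent"}
# Machine-wide and per-user Run / RunOnce keys.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Well-known external-IP services. The report does not name the one the
# sample used, so this list is an assumption.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ip-api.com",
                   "ifconfig.me", "checkip.dyndns.org", "ipinfo.io"}


@dataclass(frozen=True)
class Finding:
    signature: str   # name matching the report's signature line
    image: str       # process that produced the event
    evidence: str    # registry path/value or queried hostname


def _dword(details: str) -> Optional[int]:
    """Parse Sysmon-style 'DWORD (0x00000001)' details; None if not a DWORD."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def check_registry_set(ev: dict) -> Optional[Finding]:
    """Event ID 13 (value set): Defender tampering or Run-key persistence."""
    target, details = ev["target_object"], ev.get("details", "")
    name = target.rsplit("\\", 1)[-1].lower()
    if DEFENDER_KEY_RE.search(target):
        val = _dword(details)
        # Disable* values turn protection off when nonzero; the SpyNet
        # values turn cloud protection off when set to zero.
        turned_off = (name.startswith("disable") and val not in (None, 0)) or \
                     (name in DEFENDER_OFF_WHEN_ZERO and val == 0)
        if turned_off:
            return Finding("Contains code to disable Windows Defender",
                           ev["image"], f"{target} = {details}")
    if RUN_KEY_RE.search(target):
        return Finding("Adds Run key to start application",
                       ev["image"], f"{target} = {details}")
    return None


def check_dns_query(ev: dict) -> Optional[Finding]:
    """Event ID 22 (DNS query): resolution of an external-IP service."""
    host = ev["query_name"].lower()
    if host in IP_LOOKUP_HOSTS:
        return Finding("Looks up external IP address via web service", ev["image"], host)
    return None


def triage(events) -> list:
    """Run both checks over a telemetry stream and collect the findings."""
    findings = []
    for ev in events:
        f = None
        if ev["event_id"] == 13:
            f = check_registry_set(ev)
        elif ev["event_id"] == 22:
            f = check_dns_query(ev)
        if f is not None:
            findings.append(f)
    return findings


def signatures_hit(events) -> set:
    """Distinct report-style signature names triggered by the stream."""
    return {f.signature for f in triage(events)}


# Constructed sample telemetry (not captured from the sandbox run).
SAMPLE = r"C:\Users\admin\googlechrome.exe"
SAMPLE_EVENTS = [
    {"event_id": 13, "image": SAMPLE,
     "target_object": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"event_id": 13, "image": SAMPLE,
     "target_object": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\SpynetReporting",
     "details": "DWORD (0x00000000)"},
    {"event_id": 13, "image": SAMPLE,
     "target_object": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\googlechrome",
     "details": r"C:\Users\admin\AppData\Roaming\googlechrome.exe"},
    {"event_id": 22, "image": SAMPLE, "query_name": "api.ipify.org"},
    # Resetting a Disable* value to 0 re-enables protection: not a finding.
    {"event_id": 13, "image": r"C:\Windows\explorer.exe",
     "target_object": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000000)"},
    # Ordinary browsing traffic: not a finding.
    {"event_id": 22, "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "query_name": "www.google.com"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.signature}] {f.image}: {f.evidence}")
```

Run against the constructed stream, only the four events produced by googlechrome.exe are flagged, and together they reproduce the report's three behavioural signatures; the benign explorer.exe and chrome.exe events fall through. The DNS check alone should never be paged on, for the reason given under the signature above: it is there to corroborate the registry findings, not to stand on its own.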