Overview

overview

10

Static

static

10

2024-06-13...cr.exe

windows7-x64

2024-06-13...cr.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-06-13_51ce824d0a9b0d797145171dcf1ad527_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcrab_gh0st_hublo_inception_limerat_mailto_njrat_petya_rifdoor_sakula_scarhikn_trickbot_xiaoba_zloader

  • Size

    13.4MB

  • MD5

    51ce824d0a9b0d797145171dcf1ad527

  • SHA1

    9ab35c89bc27c20ad421d1dced4bcff316beb68c

  • SHA256

    b3c4563aa0df6f4500dde88ac7202f2a1c34382061bb6dbe442c9c16247bc03d

  • SHA512

    57a102022df0a658b333940682ab021efd895312c9201870d30a37853639afaefcc4673f36cc8243825529d841e70673a1fe9f6a44fad90b6a6ddf27ecd508c9

  • SSDEEP

    196608:j4A0/BZo55gBE32hifcgw+dhSh+zVuU0XNb7:j4A0/B/Bhjgw+dhHMJ7

Score
10/10
stormkittymetasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

84.205.7.83:7167

Extracted

Family

metasploit

Version

metasploit_stager

C2

35.182.213.89:443

Signatures

  • Detects Reflective DLL injection artifacts 1 IoCs
  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Detects executables manipulated with Fody 1 IoCs
  • Detects executables packed with ConfuserEx Custom; outside of GIT 1 IoCs
  • Detects executables packed with ConfuserEx Mod 1 IoCs
  • Detects executables packed with Enigma 1 IoCs
  • Detects executables packed with SmartAssembly 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
  • Gandcrab Payload 1 IoCs
  • Metasploit family
    metasploit
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • UPX dump on OEP (original entry point) 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-06-13_51ce824d0a9b0d797145171dcf1ad527_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcrab_gh0st_hublo_inception_limerat_mailto_njrat_petya_rifdoor_sakula_scarhikn_trickbot_xiaoba_zloader
    .exe windows:0 windows x64 arch:x64


    Headers

    Sections