Overview

overview

10

Static

static

10

2024-06-14...cr.exe

windows7-x64

2024-06-14...cr.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-06-14_dd90b11f1be5fa2b5a917736df5f28a6_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcrab_gh0st_hublo_inception_limerat_mailto_njrat_petya_rifdoor_sakula_scarhikn_trickbot_xiaoba_zloader

  • Size

    13.4MB

  • MD5

    dd90b11f1be5fa2b5a917736df5f28a6

  • SHA1

    4dabc410bd3821bcbb396bd4fb53b2a50fb478a5

  • SHA256

    5aaa80bc6f4bafdc40f59beda4af6c7075455733977153ac031c28e65307e2ef

  • SHA512

    67e952b0203bdbe867385d73feb2f8da981d7d4718719bd62d39fdab9ac941fca4aff74eb95632cd00efb4c76d2969a75d02b93c0632bca37bbc8813b256486c

  • SSDEEP

    196608:j4A0/BZo55gBE32hifcgw+dhSh+zVuU0XNb:j4A0/B/Bhjgw+dhHMJ

Score
10/10
stormkittymetasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

84.205.7.83:7167

Extracted

Family

metasploit

Version

metasploit_stager

C2

35.182.213.89:443

Signatures

  • Detects Reflective DLL injection artifacts 1 IoCs
  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Detects executables manipulated with Fody 1 IoCs
  • Detects executables packed with ConfuserEx Custom; outside of GIT 1 IoCs
  • Detects executables packed with ConfuserEx Mod 1 IoCs
  • Detects executables packed with Enigma 1 IoCs
  • Detects executables packed with SmartAssembly 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
  • Gandcrab Payload 1 IoCs
  • Metasploit family
    metasploit
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • UPX dump on OEP (original entry point) 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-06-14_dd90b11f1be5fa2b5a917736df5f28a6_agent-tesla_allaple_blacknet_cobalt-strike_floxif_gandcrab_gh0st_hublo_inception_limerat_mailto_njrat_petya_rifdoor_sakula_scarhikn_trickbot_xiaoba_zloader
    .exe windows:0 windows x64 arch:x64


    Headers

    Sections