Static task: static1
Behavioral task: behavioral1
Sample: kdot.ps1
Resource: win10-20240404-en
General
Target: kdot.ps1
Size: 72KB
MD5: dc9af15e5ffdbd6d1ad83eabc919947a
SHA1: a6890b3f6ba2faf505a590edf887984ddd1003d2
SHA256: a388153c68b09e240ccf8feb8405c0fe3f5094843d7cea9b85984565b73a4f27
SHA512: d3ce1eeb2b136a262730aa889969371860f9683c7c63a54d3971932d04e05249dc37d4af2813ed308e25fc9b5aeb5d18e063a17a9b2cdad3d51ca6838ecbdce3
SSDEEP: 1536:H8SdVn5ahg5yYp6zdv/5l05Qo8l01zhwZPhZcLrJS7srHX6Cx:H8SdVn5Uwiv/5IQo8l01zhw5hUr9KCx
Malware Config
Extracted
Signatures
Files
kdot.ps1.ps1