Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
  • submitted
    05/07/2024, 17:07

General

  • Target

    Kematian-Stealer-main/main.py

  • Size

    2KB

  • MD5

    8143ef9f2901a953b74b53fb5b6e33ec

  • SHA1

    e90feb9b39dc10dcb8bffdaf66436269b5671f05

  • SHA256

    ad1590db88ccce5a4b0602d23cbae0978d49e3d6a4d4ebc6de2905549b96c6d3

  • SHA512

    3c51892b8c7e650a369e901ef9d23899b6ae35fdf262d0e16c8897df07834e5ec0dab014a8bb9df67e715b66933c26f744feae6e129c0b0dd7a813838fa18322

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (PID 2276)
    cmd /c C:\Users\Admin\AppData\Local\Temp\Kematian-Stealer-main\main.py
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe (PID 2656)
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Kematian-Stealer-main\main.py
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2592)
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Kematian-Stealer-main\main.py"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx

  Note on this detonation: the analysis image has no handler registered for .py files, so `cmd /c main.py` did not launch a Python interpreter. The shell fell back to the "Open With" dialog (shell32.dll,OpenAs_RunDLL), from which Adobe Reader was selected to open the script. The submitted file therefore never executed; every signature above is attributed to rundll32.exe or AcroRd32.exe, not to the sample, and the 3/10 score says nothing about the stealer's real behaviour. Re-submit on an image with Python installed, or run the script through an interpreter explicitly, to get a meaningful report.
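
A check a triage analyst can run over a process tree like the one above, added here as an example (it is not part of the report and not code from the Kematian-Stealer project). It takes the three processes transcribed from this report as constructed input and classifies the detonation: "no_handler_open_with" when the sample was handed to shell32!OpenAs_RunDLL instead of an interpreter, "executed" when a Python interpreter actually loaded it. `Proc`, `assess_detonation`, `basename` and the `PY_INTERPRETERS` list are this example's own names and assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example: sanity-check a sandbox process tree before trusting its score.
# Names here (Proc, assess_detonation, PY_INTERPRETERS) are illustrative, not
# from the report or the sandbox vendor.


@dataclass
class Proc:
    pid: int
    image: str                  # full path of the executable
    cmdline: str                # command line as shown in the report
    parent: Optional[int] = None


# Constructed input: the three processes transcribed from the report above.
REPORT_PROCS = [
    Proc(2276, r"C:\Windows\system32\cmd.exe",
         r"cmd /c C:\Users\Admin\AppData\Local\Temp\Kematian-Stealer-main\main.py"),
    Proc(2656, r"C:\Windows\system32\rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
         r"C:\Users\Admin\AppData\Local\Temp\Kematian-Stealer-main\main.py",
         parent=2276),
    Proc(2592, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
         r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
         r'"C:\Users\Admin\AppData\Local\Temp\Kematian-Stealer-main\main.py"',
         parent=2656),
]

# shell32!OpenAs_RunDLL is what the shell launches when a file has no
# registered handler: the "Open With" dialog.
OPEN_WITH = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL", re.IGNORECASE)

# Images that would show a .py file actually ran (assumed list).
PY_INTERPRETERS = {"python.exe", "pythonw.exe", "py.exe"}


def basename(path: str) -> str:
    """Last path component, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def assess_detonation(procs, target: str) -> dict:
    """Classify how the sandbox handled `target` (a path fragment of the sample).

    Returns a verdict, whether an interpreter ever touched the file, and the
    image names of any applications spawned from the Open With dialog.
    """
    t = target.lower()
    touching = [p for p in procs if t in p.cmdline.lower()]
    open_with = [p for p in touching if OPEN_WITH.search(p.cmdline)]
    interp = [p for p in touching if basename(p.image).lower() in PY_INTERPRETERS]
    open_with_pids = {p.pid for p in open_with}
    handlers = [basename(p.image) for p in procs if p.parent in open_with_pids]

    if interp:
        verdict = "executed"              # an interpreter loaded the script
    elif open_with:
        verdict = "no_handler_open_with"  # no association; the sample never ran
    elif touching:
        verdict = "opened_by_other_app"   # some associated app got the path
    else:
        verdict = "not_touched"
    return {"verdict": verdict,
            "interpreter_seen": bool(interp),
            "open_with_handlers": handlers}


if __name__ == "__main__":
    print(assess_detonation(REPORT_PROCS, r"Kematian-Stealer-main\main.py"))
```

For this report the verdict is "no_handler_open_with" with AcroRd32.exe as the only handler, which is the signal to discard the score and re-detonate on an image that has Python installed.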

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    499b08887ed49c3644baa91b7120c4e3

    SHA1

    ea64c2984e65472a5b211756ddadc173bdc794c3

    SHA256

    473b4121939bb48a7147dac9e44797878295e0a488e3b5ff7d330ed52407b1f1

    SHA512

    1cec4fdfaef49a58f8347b4b401ae5144fd992334ab67ea72fa0efb2e56e8982dd28212363d9e278b169cda6eed822552c2658af1d3b27cd1f350b84bef37844