General

Target: Kulo Proxy.exe
Size: 5.5MB
Sample: 240814-xr869syepe
MD5: 54e12440f6cf0297e01f7b163ff7b63a
SHA1: 74bf40882aefe4cd4580bd075c714f8679ad8652
SHA256: b431ed16767cb8da4350cff864c6eb236b263768199c7b50518b8dda07f8fd35
SHA512: beb92db97661da1709139f46baef4ee97c3950ae345923048bdeaafadd2703a9406f43a12245f8cfce07e88ea29d1e55610c37ca32d6c7185b375aea5fcfb064
SSDEEP: 98304:KrIdSnq6IWdXnvYz8t3uYFdgzWk64nTAtS:GMWAc+YFdCXTd
Malware Config

Targets

Target: Kulo Proxy.exe (5.5MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures observed for this target:

Contains code to disable Windows Defender
  A .NET executable that turns off Windows Defender capabilities such as real-time monitoring and block at first sight.

Detects Eternity stealer

Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

Credentials from Password Stores: Credentials from Web Browsers (MITRE ATT&CK T1555.003)
  Malicious access to, or copying of, a web browser credential store.

Disables Task Manager via registry modification

Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.

Drops startup file

Executes dropped EXE
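The signatures above are behavioural: each one corresponds to a registry write, registry read, file access or process launch that a sandbox or EDR can observe. The block below is an added example, not the sandbox's own rule set and not code from the sample, showing how those signatures map onto Procmon-style telemetry. The events are constructed to resemble Procmon rows (process, operation, path, detail), and the registry paths are the well-known locations each signature refers to; the page does not state which values this sample actually wrote, so the rule bodies are assumptions about the behaviour, not facts about this run. The "Executes dropped EXE" rule is the one that needs state: it correlates a process launch against files written earlier in the same trace.

```python
"""Map Procmon-style telemetry onto the behaviour signatures listed above.

Added example: not the sandbox's rules and not code from the sample.
Registry paths are the standard locations each signature keys on; the
events below are constructed, not taken from this analysis run.
"""
import re
from typing import Callable, Dict, List, Optional

Event = Dict[str, str]

# Constructed sample telemetry (Procmon-like rows). Not from this run.
MAL = r"C:\Users\lab\Desktop\Kulo Proxy.exe"          # assumed lab path
DROP = r"C:\Users\lab\AppData\Roaming\svchelper.exe"  # assumed dropped file name
EVENTS: List[Event] = [
    {"proc": MAL, "op": "RegQueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation",
     "detail": "Type: REG_SZ, Data: 244"},
    {"proc": MAL, "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "detail": "Type: REG_DWORD, Length: 4, Data: 1"},
    {"proc": MAL, "op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "detail": "Type: REG_DWORD, Length: 4, Data: 1"},
    {"proc": MAL, "op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet\SpynetReporting",
     "detail": "Type: REG_DWORD, Length: 4, Data: 0"},
    {"proc": MAL, "op": "CreateFile",
     "path": r"C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data",
     "detail": "Desired Access: Generic Read"},
    {"proc": MAL, "op": "CreateFile", "path": DROP,
     "detail": "Desired Access: Generic Write"},
    {"proc": MAL, "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchelper",
     "detail": "Type: REG_SZ, Length: 84, Data: " + DROP},
    {"proc": MAL, "op": "Process Create", "path": DROP, "detail": "PID: 4120"},
    # Benign noise that must not fire anything.
    {"proc": r"C:\Windows\explorer.exe", "op": "CreateFile",
     "path": r"C:\Users\lab\Downloads\notes.txt",
     "detail": "Desired Access: Generic Read"},
]


def _dword(detail: str) -> Optional[int]:
    """Extract the numeric Data field of a REG_DWORD write, else None."""
    m = re.search(r"Data:\s*(\d+)\s*$", detail)
    return int(m.group(1)) if m else None


def _rx(pattern: str) -> Callable[[str], bool]:
    """Case-insensitive path matcher (backslashes are escaped in patterns)."""
    return lambda s: re.search(pattern, s, re.I) is not None


# Defender policy values: Real-Time Protection\Disable* = 1 turns a
# protection off; SpyNet reporting/sample submission = 0 disables the
# cloud lookups that block-at-first-sight depends on.
DEFENDER_OFF = _rx(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$")
DEFENDER_CLOUD_OFF = _rx(r"\\Windows Defender\\SpyNet\\(SpynetReporting|SubmitSamplesConsent)$")

# Stateless rules, keyed by the signature names used in the report.
RULES: Dict[str, Callable[[Event], bool]] = {
    "Disables Task Manager via registry modification": lambda e:
        e["op"] == "RegSetValue"
        and _rx(r"\\Policies\\System\\DisableTaskMgr$")(e["path"])
        and _dword(e["detail"]) == 1,
    "Contains code to disable Windows Defender": lambda e:
        e["op"] == "RegSetValue"
        and ((DEFENDER_OFF(e["path"]) and _dword(e["detail"]) == 1)
             or (DEFENDER_CLOUD_OFF(e["path"]) and _dword(e["detail"]) == 0)),
    "Checks computer location settings": lambda e:
        e["op"] == "RegQueryValue"
        and _rx(r"\\Control Panel\\International\\Geo\\Nation$")(e["path"]),
    "Drops startup file": lambda e:
        (e["op"] == "RegSetValue"
         and _rx(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$")(e["path"]))
        or (e["op"] == "CreateFile"
            and _rx(r"\\Start Menu\\Programs\\Startup\\[^\\]+$")(e["path"])),
    "Credentials from Password Stores: Credentials from Web Browsers": lambda e:
        e["op"] == "CreateFile"
        and _rx(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$")(e["path"]),
}


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Return {signature name: [matching paths]} for a trace of events."""
    hits: Dict[str, List[str]] = {}
    dropped = set()  # paths written to disk earlier in this trace
    for e in events:
        for name, rule in RULES.items():
            if rule(e):
                hits.setdefault(name, []).append(e["path"])
        if e["op"] == "CreateFile" and "Write" in e["detail"]:
            dropped.add(e["path"].lower())
        # Stateful rule: a process image that this trace wrote to disk.
        if e["op"] == "Process Create" and e["path"].lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(e["path"])
    return hits


if __name__ == "__main__":
    for name, paths in triage(EVENTS).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

In a real trace the Defender rule should also accept the same values under HKLM\SOFTWARE\Microsoft\Windows Defender (written through the WMI/PowerShell preference API rather than Group Policy), and the dropped-file set should be keyed per writing process so that an installer's own child processes are not flagged by a different process's writes.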