General
Target: R.jpg
Size: 27KB
Sample: 240904-r6ey3ssdkp
MD5: dbee2120a96d37e00a43031c075f8358
SHA1: ee14df8c755aa57e8d49839ba4346d2ad6975e52
SHA256: 4a42fb4f76e33bf388947b128e9a868b4d4b3e94877b4934ad3e656c652bf748
SHA512: e35c47bc6e16ea87314da088210e07226d9988dfef6b17d9880a38ce58af0b5b20874e3a8bb0931493589bd8fcf593ebf8a660dd8fa9ea93af18fce15bf3fd8f
SSDEEP: 384:4CsN3X0EbqjSiUYMHogN4gFfLzqkqtEoqEJnYeF4Qt1ntWaawjkHfMvX:4P5X0Ebg9MIq4sTzqkdMlF4Qt1nt1Q/c
Static task: static1
Malware Config
Targets
Target: R.jpg

- Contains code to disable Windows Defender: A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detects Eternity stealer
- Eternity: Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger