legion | ba55650308db050704331599dc2dca653839b5e93b5957786051a907fd25963cN

General

Target

ba55650308db050704331599dc2dca653839b5e93b5957786051a907fd25963cN
Size

240KB
MD5

6ac85e78114ccf28fefbaaeb3a4c5f40
SHA1

22917a650f55dc7e466015b9aefc7d44b6baa67f
SHA256

ba55650308db050704331599dc2dca653839b5e93b5957786051a907fd25963c
SHA512

23476239a528bfa99ecfed26dc41e20375763ca80505a5ef7cc21096e296238c9dff886f9690a417876f4d4065775da700a3ace5287efab4be77fb59845553de
SSDEEP

3072:+2VrWC2IjTtCv/01vA4bCsWMxC7oJ9PNHnCvJgYizShv48P2Ae0mUeLhPUe98beE:ZVroI3tCi/DfHfWJgp98bezsAFK4

Score

10^/10

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Detect Legion stealer payload 1 IoCs

stealer

resource	yara_rule
sample	legion_stealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba55650308db050704331599dc2dca653839b5e93b5957786051a907fd25963cN