General
-
Target
edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e.exe
-
Size
2.6MB
-
Sample
241114-ds6yratfne
-
MD5
e8285f01dff90fca4b37d4df7da03c4b
-
SHA1
fb19156b1aab033ed8b5212821a8b039a2c363d9
-
SHA256
edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e
-
SHA512
f39a69d1c546adb1ba1b744d02bc6407e36c51396d825c03957b584ac22ce1a0b21846a9181e57cb186d34d40cb32bed2662e0bf2caca1bd99f74ee457154a0d
-
SSDEEP
49152:862EA6E97H+leX14OKwpGpKqYygbN3+3+C+m32sBHEAdpvQKQKd719O03WMl:862nJIO14OKT12Out22sBHXIKQe7e0x
Static task
static1
Behavioral task
behavioral1
Sample
edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e.exe
-
Size
2.6MB
-
MD5
e8285f01dff90fca4b37d4df7da03c4b
-
SHA1
fb19156b1aab033ed8b5212821a8b039a2c363d9
-
SHA256
edc325712bb62fcd4fe96f6bf63559449b9158b816768a8122dad070e8aaf44e
-
SHA512
f39a69d1c546adb1ba1b744d02bc6407e36c51396d825c03957b584ac22ce1a0b21846a9181e57cb186d34d40cb32bed2662e0bf2caca1bd99f74ee457154a0d
-
SSDEEP
49152:862EA6E97H+leX14OKwpGpKqYygbN3+3+C+m32sBHEAdpvQKQKd719O03WMl:862nJIO14OKT12Out22sBHXIKQe7e0x
Score10/10-
Asyncrat family
-
StormKitty payload
-
Stormkitty family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-