stormkitty | Realtek[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Realtek.exe
Size

80KB
MD5

9bcb1a253d07b610da76fd22ad176c9d
SHA1

e5f8196083beab009db092fe891e88551393b247
SHA256

3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110
SHA512

1d0729cbff3905f937a59a9e56ed4c65cb805395cc430035b45bb82e1b06d8cfa490466d3661ade18b05e4be74ba642df1b61c03dbf7f22740373687261c5744
SSDEEP

1536:FZno9xptw8VGHE1uWdas6vKPHvfpK3I5hxS9a/voKxjzxtV3wFrD:F+bZPfpK3g69a/voKhzxtdwFn

Score

10^/10

stormkitty

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Files

Realtek.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

71:68:58:ae:7d:63:45:97:4c:09:9a:21:3d:0b:84:1f
Certificate

Issuer

CN=DigiCert Inc.

Not Before

23-11-2024 15:30

Not After

23-11-2054 15:30

Subject

CN=DigiCert Inc.

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3e:ef:4b:e3:8e:90:c1:c2:2c:a3:1c:6e:28:d3:92:06
Certificate

Issuer

CN=DigiCert Inc.

Not Before

23-11-2024 15:30

Not After

23-11-2054 15:30

Subject

CN=Realtek

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15-01-2024 00:00

Not After

14-04-2035 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22-03-2021 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:73:c1:0a:a3:bd:f9:22:fc:c7:83:69:f9:68:b1:2f:30:c5:6c:e0
Signer

Actual PE Digest

d0:73:c1:0a:a3:bd:f9:22:fc:c7:83:69:f9:68:b1:2f:30:c5:6c:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

71:68:58:ae:7d:63:45:97:4c:09:9a:21:3d:0b:84:1fCertificate

Key Usages

3e:ef:4b:e3:8e:90:c1:c2:2c:a3:1c:6e:28:d3:92:06Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

d0:73:c1:0a:a3:bd:f9:22:fc:c7:83:69:f9:68:b1:2f:30:c5:6c:e0Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 71KB - Virtual size: 71KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

71:68:58:ae:7d:63:45:97:4c:09:9a:21:3d:0b:84:1f
Certificate

3e:ef:4b:e3:8e:90:c1:c2:2c:a3:1c:6e:28:d3:92:06
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

d0:73:c1:0a:a3:bd:f9:22:fc:c7:83:69:f9:68:b1:2f:30:c5:6c:e0
Signer

.text
Size: 71KB - Virtual size: 71KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B