General

  • Target

    3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110

  • Size

    80KB

  • Sample

    241201-z7l3saskhx

  • MD5

    9bcb1a253d07b610da76fd22ad176c9d

  • SHA1

    e5f8196083beab009db092fe891e88551393b247

  • SHA256

    3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110

  • SHA512

    1d0729cbff3905f937a59a9e56ed4c65cb805395cc430035b45bb82e1b06d8cfa490466d3661ade18b05e4be74ba642df1b61c03dbf7f22740373687261c5744

  • SSDEEP

    1536:FZno9xptw8VGHE1uWdas6vKPHvfpK3I5hxS9a/voKxjzxtV3wFrD:F+bZPfpK3g69a/voKhzxtdwFn

Malware Config

Targets

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • StormKitty family

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
