General
-
Target
3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110
-
Size
80KB
-
Sample
241201-z7l3saskhx
-
MD5
9bcb1a253d07b610da76fd22ad176c9d
-
SHA1
e5f8196083beab009db092fe891e88551393b247
-
SHA256
3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110
-
SHA512
1d0729cbff3905f937a59a9e56ed4c65cb805395cc430035b45bb82e1b06d8cfa490466d3661ade18b05e4be74ba642df1b61c03dbf7f22740373687261c5744
-
SSDEEP
1536:FZno9xptw8VGHE1uWdas6vKPHvfpK3I5hxS9a/voKxjzxtV3wFrD:F+bZPfpK3g69a/voKhzxtdwFn
Behavioral task
behavioral1
Sample
3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110
-
Size
80KB
-
MD5
9bcb1a253d07b610da76fd22ad176c9d
-
SHA1
e5f8196083beab009db092fe891e88551393b247
-
SHA256
3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110
-
SHA512
1d0729cbff3905f937a59a9e56ed4c65cb805395cc430035b45bb82e1b06d8cfa490466d3661ade18b05e4be74ba642df1b61c03dbf7f22740373687261c5744
-
SSDEEP
1536:FZno9xptw8VGHE1uWdas6vKPHvfpK3I5hxS9a/voKxjzxtV3wFrD:F+bZPfpK3g69a/voKhzxtdwFn
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
StormKitty payload
-
Stormkitty family
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-