Overview

overview

10

Static

static

10

3b948a0eb0...94.exe

windows7-x64

10

3b948a0eb0...94.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b948a0eb0e9bbca72fc363b63ffd3a5983e23c47f14f8296e8559fd98c25094

  • Size

    170KB

  • Sample

    220907-lmhb7sbfa7

  • MD5

    dc16ceda00dc55d94fa4c0bd02ceca4d

  • SHA1

    bbba0f23da74180ef330e8a96f2f6f962c6ea69b

  • SHA256

    3b948a0eb0e9bbca72fc363b63ffd3a5983e23c47f14f8296e8559fd98c25094

  • SHA512

    9febd11d3a4dc31e810c33b03a34899e7a45e35a802f6b8540942da8b4ca70678942c37fc92bcf23b65292d0c204cdaaa0a4ceb9c067ec7eeb8c585a181f66a6

  • SSDEEP

    3072:c3ST4aYp5zZb2faAaVZUMuvSkqIPu/i9buT2chZby+Wpp:6aozZQ7aVOjvSkXPSi9bQp

Score
10/10
asyncratstormkittydefaultratspywarestealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5513183792:AAFQ4iWtWYUO5ECZA4X8xPtF4k5ZzJ6k12o/sendMessage?chat_id=1327185591
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      3b948a0eb0e9bbca72fc363b63ffd3a5983e23c47f14f8296e8559fd98c25094

    • Size

      170KB

    • MD5

      dc16ceda00dc55d94fa4c0bd02ceca4d

    • SHA1

      bbba0f23da74180ef330e8a96f2f6f962c6ea69b

    • SHA256

      3b948a0eb0e9bbca72fc363b63ffd3a5983e23c47f14f8296e8559fd98c25094

    • SHA512

      9febd11d3a4dc31e810c33b03a34899e7a45e35a802f6b8540942da8b4ca70678942c37fc92bcf23b65292d0c204cdaaa0a4ceb9c067ec7eeb8c585a181f66a6

    • SSDEEP

      3072:c3ST4aYp5zZb2faAaVZUMuvSkqIPu/i9buT2chZby+Wpp:6aozZQ7aVOjvSkXPSi9bQp

    Score
    10/10
    asyncratstormkittydefaultratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks