General
- Target: 7967616127.zip
- Size: 26KB
- Sample: 220912-jgdqqacgd5
- MD5: 0c04f55555fd86c1ec94221fab1b3c88
- SHA1: 63c3e4c87ca16308f41591f5ee68228f316c1c9a
- SHA256: 6437a3b9bcba8b96b27c759f3f10e677c2074e272264217e344d5467f32fd596
- SHA512: 4596613e30e0bd046aa1b7b85cb44b7ea19b81a77df0207567ae779c4236b81b9c8832cc517b42e97d8bc67cee498e20348c651516c34961ac3c1c7656040a8b
- SSDEEP: 768:T1NiFoU4K1V5t/tg9LoZ7Pru8EoklAwyxNaZTCykuBdmzJ:Z8FoUF5lt4MZ7PrVEHlAwyxNaNkl
Static task
- static1

Behavioral task
- behavioral1
- Sample: c79aed9551260daf74a2af2ec5b239332f3b89764ede670106389c3078e74d1a.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- asyncrat
- 0.0.1
- Default
- bigdaddy-service.biz:6606
- bigdaddy-service.biz:7707
- bigdaddy-service.biz:8808
- https://api.telegram.org/bot1887752763:AAEFHUQhXilkF7u0X0Uqs-Po7aZUCtVrohg/sendMessage?chat_id=1096425866
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: c79aed9551260daf74a2af2ec5b239332f3b89764ede670106389c3078e74d1a
- Size: 54KB
- MD5: 419ff1cecc6f90eede4fc8c14c0ba126
- SHA1: cc546bb8dc504a44af1c761a8f3657421410d024
- SHA256: c79aed9551260daf74a2af2ec5b239332f3b89764ede670106389c3078e74d1a
- SHA512: 3888dbd5d4401481cbea0193d4a721ae36cbd05c035ab1d3e616dacba07da730069790a5cf28f9f5c820e73eb1e288f366069b311d1b1f6f3de6514e485a56a9
- SSDEEP: 768:MOV6Lz2DzF+rYgRq/ex8T5FRG4M7zmtP4MBKMUsjET47N2C2GSY:Mk6Q384MnmtP4MBhUsjEs2Y

- StormKitty payload
- Async RAT payload
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext