Overview

overview

10

Static

static

10

starter.exe

windows7-x64

10

starter.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    starter.exe

  • Size

    226KB

  • MD5

    3db2dac3480e16bef2afd24e30bb1371

  • SHA1

    ecf099bba032e1976e51da8e4dc37e2c50f7d481

  • SHA256

    1318d4da5cb4a565542f2a050a0db40bbd3de795ca1f07c1aee45ad0e568eb00

  • SHA512

    3cf744f0fa4ec7d9f0ebb987b74fb606404272ef73faba2bcf9d99e2cddc6a4772b4cc68030e48d09b9ed4743e999e35ff1dd4d15044fe9c898923540b3529ea

  • SSDEEP

    3072:6+STW8djpN6izj8mZwilngYwUbBqrqE5VnTmxZIfX9f36+Wp1:n8XN6W8mmiuHUbaZTmxCfN

Score
10/10
ratdefaultasyncratstormkitty

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5113678815:AAHRbsV5L8mCMgCvhvOuwYrhXJTTfVGMRUw/sendMessage?chat_id=850026642
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
    rat
  • Asyncrat family
    asyncrat
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty

Files

  • starter.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections