Triage | Malware sandboxing report by Hatching Triage

Submit
Reports

Overview

overview

Static

static

3

Mail_Acces...V3.exe

windows10-2004-x64

Sharing

General

Target

Mail_AccesCheckerV3.zip
Size

9MB
Sample

221002-rhkvesbfdj
MD5

3f10164b84ce3c7378f78a2e76c1618a
SHA1

1a4eb074a80652d124c46b841f0b28f5e604d1fc
SHA256

fc1fc30ebcee7cac04595ac90e26d8705b6a4b75df793cb63a21b47f3b46164b
SHA512

4a37ef981839e9e6ecf2039d50c8226bcc05a2e85ac9c9f2a2b06179f57bc751e4283e1712b358a9ce587b0c43bfecf848488030047ee7958a2c2c58ff7b591c
SSDEEP

196608:QyAcZNA97ZxHF4YXToLZVKX3x61abFKXv4atFqSBpKqXX1pkmqAmK7IIQ+eiDRGt:lAx1TFrULZVKnA1zv4Oqc337qAmK73fY

Score

10^/10

asyncrat stormkitty default pyinstaller rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Mail_AccesCheckerV3.exe

Resource

win10v2004-20220901-en

asyncrat stormkitty default rat spyware stealer

windows10-2004-x64

12 signatures

30 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5528293567:AAEvVqFZRYkeHFch3_kTGdMV2u4Swi0-pT8/sendMessage?chat_id=1787677484

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Mail_AccesCheckerV3.exe
- Size
  
  9MB
- MD5
  
  b569d5ade4cf07fb5bcf5ddf68ebbf07
- SHA1
  
  4725efac826842a09c43333b3b41ca5e1857b1bd
- SHA256
  
  1077895d8661aa99f9f051adbde40bf3d96c728631ab80855cd7579a6c967080
- SHA512
  
  1f048fd0771c6e9abac3299f43191be76b5eac7e7a94a2ac825b646b135106ce50071f1ff510bca698595062d8d40829278fd82ac0ad2c72fd8a676dae7fbd5f
- SSDEEP
  
  196608:FHwZkvW0bF7FoRE2nOL2Vmd6+D/2c/f/+ScEQBkbp6eaKwsnH68:Z31FeREWOL2Vmd6m+c/eh4p6UX
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratstormkittydefaultratspywarestealer

© 2018-2023

Terms | Privacy