General
-
Target
xyz.zip
-
Size
10KB
-
Sample
221005-h8dz5adhcm
-
MD5
ce956cae713473a97745ea0d83463f3a
-
SHA1
8fae38f3240f6ee5068f9cbe40112f651c4042b1
-
SHA256
66fc76bb7fc8f2bdadb5112a0ac7396e25d847cdcfb9ff715cb790ea1e0b26eb
-
SHA512
e2514181a4182877cf8e256977a9d11e1956743520be14803e1ef2b30d150f11bd402a3156eb66249cc623409d59d1e09d34c72500868e8ecace7ec0a3630ff8
-
SSDEEP
192:+yohirCchhF23OUw4Vk4EZff/o6pN/EDjyIQ68nXr3e3xc3FGNNKn:+yRrCN5hbEZfXo6z/EDjGvD3Eun
Malware Config
Targets
-
-
Target
Spectrum (Global) Payment Confirmation.exe
-
Size
74KB
-
MD5
67958d190ff46bb281af29ee7b6cef28
-
SHA1
226ca55977aff7838fac8a5fe8c62530f84a1e22
-
SHA256
a7256a89909f64b9dd5bdf1b1b0849c0714c97eeca3749117775fe8c1be05f1a
-
SHA512
76ad2be9eb9168814693c4a8ce392b36f414f6a940d2f11937fe3452c711f107c78a86eb04c210645ef80f9eb0d587888d1d9c9bc3eaa74a1d4e01e6b43056be
-
SSDEEP
384:WVn7l2UC+0HgRqOflaIttttttttttttttttttttttttttttt+Q34NydLAunywWqR:WVn7lj7NaIOXSNW1SAb
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Async RAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-