General

  • Target: Nitro_Geg.rar
  • Size: 73KB
  • Sample: 221127-vw5crshg6z
  • MD5: 5a32a01ef7ce5e889b5e5e997c93f8d3
  • SHA1: 715aba4c3e77bef954b88ee450ffd526b136814e
  • SHA256: 4f58aaab4fe5132072d30d7d49a4c226d2e69c150e657a04003547aaf158562e
  • SHA512: a30ce863562497de2b1979b81a00416424ab9b8788ba28b496dfdd377d908e5d25e0eab8754ba8c8b9537f32f7f17ff7aaa1d445dc5e3bbb3ed5942c73d9c515
  • SSDEEP: 1536:UViwj65DAvItHi8IGd683i7q07VzgSHyX10:Q29AvIw8IGfxkzgSHe0

Malware Config

Extracted

  • Family: asyncrat
  • Botnet: Default
  • C2:
      127.0.0.1:6606
      127.0.0.1:7707
      127.0.0.1:8808
      https://api.telegram.org/bot2073258549:AAHzhpPJxXGsULYpvE1VHMzNgGQv3U36VCY/sendMessage?chat_id=818742211
  • Mutex: AsyncMutex_6SI8OkPnk
  • Attributes:
      delay: 3
      install: false
      install_folder: %AppData%
      aes.plain

Targets

  • Target: Nitro Geg.exe
  • Size: 170KB
  • MD5: c1d9bfff281d25c10356fa8a4d4423b8
  • SHA1: 9a87dd9f13b79eef27b789983ada8ed923864406
  • SHA256: 2ef0e305a16c3e7146c32b8d82ce0ffa06c3f3801bf6ae860fa6e9086d820c13
  • SHA512: 64fe9cd879b25716a72f4a12e5ae36a150d508f17799a58a1c9c4077c9aeb212777372e1f5fdd1ff77c8894d610049754c009ee6592f4c85600b5d88c04c03f1
  • SSDEEP: 3072:++STW8djpN6izj8mZwhp0II4IDqIPu/i9bvO2calhiZdaM6+Wp7:j8XN6W8mmhxFIXPSi9bmYriZd

  Signatures

  • AsyncRat: AsyncRAT is designed to remotely monitor and control other computers.
  • StormKitty: StormKitty is an open source info stealer written in C#.
  • StormKitty payload
  • Async RAT payload
  • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
  • Drops desktop.ini file(s)
  • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  • Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (1)
  • Discovery: Query Registry, T1012 (1)
  • Discovery: System Information Discovery, T1082 (1)
  • Collection: Data from Local System, T1005 (1)
