Resubmissions

  • 15-01-2023 00:22    230115-anyj2abd3s    10
  • 15-01-2023 00:20    230115-anag7sbd21    1
  • 15-01-2023 00:06    230115-adw88abc2w    1
  • 15-01-2023 00:03    230115-acc4ysbb8y    1

General

  • Target

    (pass_0day)_instagram_0day.zip

  • Size

    1.1MB

  • Sample

    230115-anyj2abd3s

  • MD5

    0a177850006ef85d74290b4b758e955b

  • SHA1

    1f69d1eea2920cd02ec202dd667e8ecd13d28484

  • SHA256

    04cb9866a3e3b9d1d5215e38de2b43a6f639c2c9009231b1bb13fd99dffbcbfa

  • SHA512

    37796ca7b04fa02eb93d2131113fc037252550e5aaf7b6b6220cd69a8ea0d7bedd33309a5155802ea5a7a36693a864a2cbea8970ac244d7262931f9f025bf53b

  • SSDEEP

    24576:N/5vgZCIqnI/wRgbNzG0HCRaqoat465rqSqPNMAvNp12Adj:5ZQqnJyGKCfdtR5rq9FM4717

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5636417446:AAGa4gvWAKcDCv7f9c8u42_399xKPfEkUlQ/sendMessage?chat_id=5331885311

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1
