General
- Target: 04cb9866a3e3b9d1d5215e38de2b43a6f639c2c9009231b1bb13fd99dffbcbfa.zip
- Size: 1.1MB
- Sample: 230117-h4tj1sca83
- MD5: 0a177850006ef85d74290b4b758e955b
- SHA1: 1f69d1eea2920cd02ec202dd667e8ecd13d28484
- SHA256: 04cb9866a3e3b9d1d5215e38de2b43a6f639c2c9009231b1bb13fd99dffbcbfa
- SHA512: 37796ca7b04fa02eb93d2131113fc037252550e5aaf7b6b6220cd69a8ea0d7bedd33309a5155802ea5a7a36693a864a2cbea8970ac244d7262931f9f025bf53b
- SSDEEP: 24576:N/5vgZCIqnI/wRgbNzG0HCRaqoat465rqSqPNMAvNp12Adj:5ZQqnJyGKCfdtR5rq9FM4717
Static task
- static1
Behavioral task
- behavioral1
  Sample: 04cb9866a3e3b9d1d5215e38de2b43a6f639c2c9009231b1bb13fd99dffbcbfa.zip
  Resource: win10-20220901-en
Behavioral task
- behavioral2
  Sample: 04cb9866a3e3b9d1d5215e38de2b43a6f639c2c9009231b1bb13fd99dffbcbfa.zip
  Resource: win7-20220812-en
Malware Config
Extracted
- asyncrat
- Default
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- https://api.telegram.org/bot5636417446:AAGa4gvWAKcDCv7f9c8u42_399xKPfEkUlQ/sendMessage?chat_id=5331885311
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- StormKitty payload
- Async RAT payload
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.