General
- Target: WORLDWINDCLIENT.exe
- Size: 170KB
- Sample: 230223-wmc3laaf5t
- MD5: c5b14988a634290901e25cf261fcfbb0
- SHA1: ec9571fd5feda45ab7437fc3bd2cc0976bb8b4ad
- SHA256: 0364fc0badf7144886958fe832aa110007b6f3e766483fd5c5462d0eb48a3de8
- SHA512: 1fb15cbb934dbad5f954a2ff450b78c7d769a644610da9a7afc2351a9cd56adc8fc001e3a84292b344d14bbd9d3b9ccffa6b3f313257bf949439452e982aee8d
- SSDEEP: 3072:++STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2c4c6+Wp7:j8XN6W8mmHPtppXPSi9b4i

Behavioral task
behavioral1
- Sample: WORLDWINDCLIENT.exe
- Resource: win7-20230220-en

Malware Config
Extracted
- asyncrat
- Default
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- https://api.telegram.org/bot6196076192:AAF99zylbr46S6zR2M6Fbv7gE0eAuYfzRmg/sendMessage?chat_id=927024838
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: WORLDWINDCLIENT.exe
- StormKitty payload
- Async RAT payload
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.