Overview

overview

10

Static

static

10

2eee592b19...75.exe

windows7-x64

10

2eee592b19...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54fc962e8963129ed9ee02f93c61ca0c.bin

  • Size

    15.8MB

  • Sample

    230225-bk7h7sbd8s

  • MD5

    725eb30f728ce886cdf99a219f2208cb

  • SHA1

    8290216b471e250a8fb238ebb9a82e1b51b13e8b

  • SHA256

    3345e3f4ddca63b46b48432dbf111bf5d300a23913ad48e87b76f17690ff93a1

  • SHA512

    06106207aaf8b0040377becbf4c57bcda4242e1a3f6490c9cf5385212306431c426449ec4f59914a3a72727701bc9308bda4a3ebcefdc79799186a568ade3d70

  • SSDEEP

    393216:vbwuLhmgASzGfaCeyxq1ZQoagwg3k07BrctTOEs7rN:jwu9XnU56Soagl712TAB

Score
10/10
asyncratstormkittydefaultpyinstallerratspywarestealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6196076192:AAF99zylbr46S6zR2M6Fbv7gE0eAuYfzRmg/sendMessage?chat_id=927024838
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2eee592b19e01789f384e99ce780785722a66f6abd6a01db3a135f7840892275.exe

    • Size

      16.4MB

    • MD5

      54fc962e8963129ed9ee02f93c61ca0c

    • SHA1

      b08648d5517b81f6cbc3f5769375d0df70242c65

    • SHA256

      2eee592b19e01789f384e99ce780785722a66f6abd6a01db3a135f7840892275

    • SHA512

      d84dd713d757cb0e7948706536ed84ff2fd0e354c61deca7ef0f17c87940683d40a3eee616d1f93c8d5d1c73f22642d547fbfdb5b47517e6cadfa374a4272bdc

    • SSDEEP

      393216:ou7L/1edQ2l6+9Joaw2N+mzW8+OQwGJLaX4FcYqP:oCLdedQm9Jq2NZW8+hVc

    Score
    10/10
    asyncratstormkittydefaultpyinstallerratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks