General
Target: a9a8fc726641597330943a5922886eca.bin
Size: 36.6MB
Sample: 230319-wtjtqahe63
MD5: a040bc34d85c204fa65300bb118172f9
SHA1: 0b31b1e677617d6bd2f2b4aae4dc53fce915e7ae
SHA256: 252b2467ec3c7b98d2cf8202bae33a69d5c89353de9106c6c57af1a9d7e2afc5
SHA512: a0d97e22d2e56bb0844b406c76fae009620d939a3365e2eab86d4fb05016182021470436b2770e051e1b6fb01e50ea0f4a0660f515a742a90a304445b9ad06fa
SSDEEP: 786432:jY9g6WUfWKgb583uzXo9gUfUZnb2IuGBd2EUXJSYcUJ7BeY2z9gW7fP1C/:M4+gb58MXo9lGniXJBJ7Be39ZfPU/
Static task: static1
Behavioral task: behavioral1
Sample: a9f4b51b2d4d65ba2108893ffa380108325d5829ef6dd0610d42a626195e60c3.exe
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Database
security70.duckdns.org:55085
6980692037
delay: 1
install: true
install_file: snetcfg.exe
install_folder: %AppData%
Targets
Target: a9f4b51b2d4d65ba2108893ffa380108325d5829ef6dd0610d42a626195e60c3.bin
Size: 54.5MB
MD5: a9a8fc726641597330943a5922886eca
SHA1: 91924f6c9ceea1c42f8f953c2fc3fb0224dfe6dc
SHA256: a9f4b51b2d4d65ba2108893ffa380108325d5829ef6dd0610d42a626195e60c3
SHA512: 362145d6f6680d8782e1a3831a699cd1cfca3d6861dbdd4bd870a9de1d62a1de3e84f35d8d6e6366d91d1ecfb4557d4a93a23bbc1d08730b2735beeb4e6a5e33
SSDEEP: 1572864:j5YSfbEqkAk2YMbj4QYJK5lTyeA6cdb6cypx+uMx:zVkAk2YMbjmeAXUeu
- StormKitty payload
- Async RAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.