General
Target: MiniMailViewer_v_1.0.rar
Size: 12.5MB
Sample: 230330-qs9qvsch25
MD5: bb9a79ed7a541d4089aeb8b05c7ab3a9
SHA1: 9cd02770f9f0c8043a71f1e9925a99d2b93eec35
SHA256: d4f606975c5dc4f91da1fef083b268f5d838f8c3ddfe7d27d48d6c3becee2c71
SHA512: 24577491816ca0dbd02cd462bab28fbbe9d3627414b8025eabb03b53d581f6ce4e6d7d1650c9b85efe155b314886d00b3df0f2c2d1426ef98a18133924a230f0
SSDEEP: 196608:2Ih3mUnPwL/pYH11ve3hR7eOet0KhqEAIwHYalwQWx6ouNZJawvrDtGiF+8o/p:KYKCve3hR7eOet0KwQwHYRDsouu4UYs

Static task: static1
Behavioral task: behavioral1
  Sample: MiniMailViewer v 1.0.exe
  Resource: win7-20230220-en

Malware Config
Extracted
Family: asyncrat
Botnet: Default
C2:
  127.0.0.1:6606
  127.0.0.1:7707
  127.0.0.1:8808
Telegram URL: https://api.telegram.org/bot6147793322:AAHTVudVUVXc92ziWPx0CDEkR5vaWKQBP5Q/sendMessage?chat_id=951752454
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
  delay: 3
  install: false
  install_folder: %AppData%

Targets
Target: MiniMailViewer v 1.0.exe
Size: 3.4MB
MD5: 6fa7ea166a499f9d827b54d4a5fd6de3
SHA1: d00598a9b75168f2b25e571402a2bee97a10d35d
SHA256: 8eb2bbe1b331f25452e434b4a1c4ebb3b5d77211a37caf73ad8ac8979c519a1e
SHA512: 119d6af71d971d8803b42467e4660e2c32c64e762be8872b2d805bc2f33ca8105f605b8ef6863bda2f40b7d3a65f1683e275e88ed0e6b4f270458b7bb4cc8a2b
SSDEEP: 49152:cttUzzug6iXrB++PnumKOATnAp34nDuI+ofqlRjmqKHkd0MKtcPKXVZOutbP:cttUzag6i7amVATznD9vSvsEdbKiSXn

Signatures:
- StormKitty payload
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.