General

  • Target

    file.exe

  • Size

    143KB

  • Sample

    230508-j5ja4sbd7s

  • MD5

    a28038e031eeff1996f7b0040ba40487

  • SHA1

    fe80c042e5b20cd00f90cdcab9ff4479a49bcd5c

  • SHA256

    e1c703f3c6da6029076e959d500aed7d9f104d258d22381eafc8fd8b9ebdae00

  • SHA512

    5834ed9b5d66522b82885482cf45e58d4c2c44b2b42bdc12a4af141e8f5a54024f4cb723c0c1e94978d5031d64872937d5c88a01f9d371d9f8a9c67f6ed78908

  • SSDEEP

    3072:G3YO5kKdXRRurjsL/Tuny9b34GZIKRWpgH3pf2z:qYOV+sTTgy9boLZ

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
