General
Target: f11076af54ec9acb4f0218b3555dade52c413ec82b70eab8cbdbcf239f714168
Size: 175KB
Sample: 230804-ggwv7aag9w
MD5: 42a1e3b409eedc1e91ddb15a6d974631
SHA1: 686e9471254f8e83a371b3baf14b2e1af8067be8
SHA256: f11076af54ec9acb4f0218b3555dade52c413ec82b70eab8cbdbcf239f714168
SHA512: e7d2566067fe246e8457dfff3cdf858d2e8af77eb24485f1db8a48f262b0ebc64d3fb23a41d99f1fe2ccd0402254ad6e3356e07f6a9c2c1f73b32a5eed064286
SSDEEP: 3072:pe8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTQwA5E+WpCc:l6ewwIwQJ6vKX0c5MlYZ0b2p
Behavioral task: behavioral1
Sample: f11076af54ec9acb4f0218b3555dade52c413ec82b70eab8cbdbcf239f714168.exe
Resource: win7-20230712-en
Malware Config
Extracted: asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6344684660:AAGXrpqdaK0q1IRHucqGtufZQ89XqYNopIY/sendMessage?chat_id=1412038683
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: f11076af54ec9acb4f0218b3555dade52c413ec82b70eab8cbdbcf239f714168
Size: 175KB
MD5: 42a1e3b409eedc1e91ddb15a6d974631
SHA1: 686e9471254f8e83a371b3baf14b2e1af8067be8
SHA256: f11076af54ec9acb4f0218b3555dade52c413ec82b70eab8cbdbcf239f714168
SHA512: e7d2566067fe246e8457dfff3cdf858d2e8af77eb24485f1db8a48f262b0ebc64d3fb23a41d99f1fe2ccd0402254ad6e3356e07f6a9c2c1f73b32a5eed064286
SSDEEP: 3072:pe8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTQwA5E+WpCc:l6ewwIwQJ6vKX0c5MlYZ0b2p
Signatures
- StormKitty payload
- Async RAT payload
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.