General
- Target: e34a439d932f0e6a336d45d406aac1445d7ae4b8d227a101a887a8f53538d132
- Size: 141KB
- Sample: 230807-cxt93sed5z
- MD5: b672f60baad1589079450aa5549dcea3
- SHA1: dd798979d475d6d530869fa40608c4eb18b1bd9d
- SHA256: e34a439d932f0e6a336d45d406aac1445d7ae4b8d227a101a887a8f53538d132
- SHA512: 1dcee85370b5896f31f4f964494daa62e266f8f15765cca1b3109e69bab288dbae0cc2a4b063094c9f8e28b021f406b673c203821476d0427cf9b1875c630901
- SSDEEP: 3072:V2iV5NZHXkIiwD8TW8oaqmJzJKoLC5AeOeYiFiP9njsP323MrN/Jl9:V3ZDD85oaqmJzDbCPFW9h8xJl
Static task: static1
Behavioral task: behavioral1
- Sample: e34a439d932f0e6a336d45d406aac1445d7ae4b8d227a101a887a8f53538d132.exe
- Resource: win7-20230712-en
Malware Config
Extracted
asyncrat
CYB3R R4T 1.0.7
Default
166.88.209.145:1337
Cyb3r_R4tMutex_Cyb3rw4rrior
- delay: 1
- install: true
- install_file: WINSERVICE.exe
- install_folder: %AppData%
Targets
- Target: e34a439d932f0e6a336d45d406aac1445d7ae4b8d227a101a887a8f53538d132
- StormKitty payload
- Async RAT payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting