General
-
Target
ff5974901076d59d6500da14a4d1eb8c21e6e06c7edf307c300333f0a42467b4
-
Size
956KB
-
Sample
230816-ermddsha81
-
MD5
31321f5a80d3694742fdb37cea42a4a8
-
SHA1
e1d287d52c9a567ac3eb880a2c165a25d867bcb5
-
SHA256
ff5974901076d59d6500da14a4d1eb8c21e6e06c7edf307c300333f0a42467b4
-
SHA512
2fc219412eb67976ad87a251513913130d862dbff38dcfbec8b4028267a4e81922635ca67a42359c0847e48cc4ec4006aea3e6041424bb6c9fe128bd05a0aa3f
-
SSDEEP
24576:FTELueDaKQPSDIracettRKBqHRyb9mxSTNEBt:cueemttRyUYjZ4t
Static task
static1
Behavioral task
behavioral1
Sample
ff5974901076d59d6500da14a4d1eb8c21e6e06c7edf307c300333f0a42467b4.exe
Resource
win7-20230712-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot5531971933:AAG8JA2N30pvOArb-NFK-vqpR7T6tJAugJ4/sendMessage?chat_id=5566800623
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
ff5974901076d59d6500da14a4d1eb8c21e6e06c7edf307c300333f0a42467b4
-
Size
956KB
-
MD5
31321f5a80d3694742fdb37cea42a4a8
-
SHA1
e1d287d52c9a567ac3eb880a2c165a25d867bcb5
-
SHA256
ff5974901076d59d6500da14a4d1eb8c21e6e06c7edf307c300333f0a42467b4
-
SHA512
2fc219412eb67976ad87a251513913130d862dbff38dcfbec8b4028267a4e81922635ca67a42359c0847e48cc4ec4006aea3e6041424bb6c9fe128bd05a0aa3f
-
SSDEEP
24576:FTELueDaKQPSDIracettRKBqHRyb9mxSTNEBt:cueemttRyUYjZ4t
-
StormKitty payload
-
Async RAT payload
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-