General
Static task: static1
URLScan task: urlscan1
Malware Config
Extracted
Family: asyncrat
Botnet: Default
C2:
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- https://api.telegram.org/bot6123399090:AAHe0LPn_e2tZLMjvzDttAXhWJ3Emna58XM/sendMessage?chat_id=6080368456
Mutex: AsyncMutex_6SI8OkPnk
Attributes
- delay: 3
- install: false
- install_folder: %AppData%
- aes.plain
Targets
- Target: https://www.mediafire.com/file/c0dvqbkedf49qco/Spotify+Brute+Checker+By+ACTEAM.rar/file
- StormKitty payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Async RAT payload
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.