General

  • Target

    5c206519b44d99681aa637386f513175572ec510e83ef24590f5310fd41f373c

  • Size

    153KB

  • Sample

    231004-b7zf4sad28

  • MD5

    e84a915d79c314913805b4e80ab9dce4

  • SHA1

    d846882c900f3ca934a97f116bf8d722c1a97eaf

  • SHA256

    5c206519b44d99681aa637386f513175572ec510e83ef24590f5310fd41f373c

  • SHA512

    ffa26cae3637f42b9520b128014bdc4cac1fe79d30f563e7f50ac675e3d46a3684e344a07eef0b423a454185a4146fdbc10041015a2324e9ad61fa31e92f90e3

  • SSDEEP

    3072:biCdyosa5JqQgCQBvB4dvAWgMK/pvELvFRaKjiPAw3srUY6uTT:biC8osTpfvBYIWgp/6bFAK3wcoY6KT

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

79.134.225.113:9346

Mutex

KωUORNيקzXשuZ伊Ufo开MΖ

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PROFORMA INVOICE.exe

    • Size

      169KB

    • MD5

      ea3090debf7241bf0c754c6e30c4a46c

    • SHA1

      f238fbb8bfe0e8c417e9b7ba8e192cd9948c88d2

    • SHA256

      0f757aaa17a6d470967a7e011d6016985dafeaaf409d72a008f970e827894065

    • SHA512

      4f50447ae754e839d9ea8b013ee0a5fe51ce3996e1745c18fe87c70fad3bdab3d2cdf38e4e77d057671d8c470523c329758ee09cc3e55af9c2a1560d9ffd9a74

    • SSDEEP

      3072:hR+GZNq7KCQBvB4jvA6gMqEqF2A0K0jyzWiPAwHsrUYMP4qY:h3e+fvBMI6gTTF2A07jy+wMoYJq

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Stealerium

      An open source info stealer written in C#, first seen in May 2022.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks