Resubmissions

23/12/2023, 10:41  231223-mq3b8aegep  (score 10)

23/12/2023, 10:25  231223-mgdmhaegdp  (score 10)

General

  • Target

    telegram+discord.zip

  • Size

    1.1MB

  • MD5

    f4ac18b81490cef062437ef91d9978a3

  • SHA1

    10db89f6436d47af15899a77d20478731de57472

  • SHA256

    d370e3137088b60aef32f18a535f73be8deeb7aa168639a1bc04f373f50ee88b

  • SHA512

    315fe1960fea33f3f5237f899f3442512318a1e477e98d4b4ac3e6d9c138f99073848e26f483b4a46786c4ca6cd6d7763646f699d8a2a95230496117a23c36c7

  • SSDEEP

    24576:py1TINQqUrVlskDobvRvQ+YsLeCDCG4kiQO593Tq:QNIHUBlzuvRDYsLf1iQOv3u

Malware Config

Extracted

Family

invictastealer

C2

https://discord.com/api/webhooks/1188061798528716801/D77SxBvLMy5YYF4k7wJBWj7OUZkf938cAWbclFFSX52NRBAyZASKcq_eq9P0X66HWMDI

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6718200608:AAHsv5HWjc41bwrxVtW7RKEn2Jy54j81b6A/sendMessage?chat_id=1459867608

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
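The two extracted configs above mix indicators of very different value: the three 127.0.0.1 entries in the AsyncRAT list are the stock defaults the AsyncRAT builder ships with and point at the victim host itself, so they cannot be blocked or hunted on the network, while the Discord webhook and the Telegram bot URL are the channels the samples actually use to ship data out. The script below is an added example (not part of this sandbox report) that takes the C2 strings exactly as listed in the Malware Config section, drops the loopback entries, and pulls out the parts a responder needs: the webhook ID, the Telegram bot ID, API method and chat_id. Field names such as `actionable` and the `classify`/`triage`/`blocklist` helpers are this example's own.

```python
"""Normalise the C2 strings from the extracted configs into actionable IOCs.

Added example, not the sandbox's own code. Input values are copied from the
Malware Config section of the report; record field names are assumptions.
"""
import ipaddress
import re
from typing import Dict, List, Set
from urllib.parse import parse_qs, urlparse

# C2 values as listed in the report (invictastealer + asyncrat configs).
EXTRACTED_C2: Dict[str, List[str]] = {
    "invictastealer": [
        "https://discord.com/api/webhooks/1188061798528716801/"
        "D77SxBvLMy5YYF4k7wJBWj7OUZkf938cAWbclFFSX52NRBAyZASKcq_eq9P0X66HWMDI",
    ],
    "asyncrat": [
        "127.0.0.1:6606",
        "127.0.0.1:7707",
        "127.0.0.1:8808",
        "https://api.telegram.org/bot6718200608:AAHsv5HWjc41bwrxVtW7RKEn2Jy54j81b6A"
        "/sendMessage?chat_id=1459867608",
    ],
}

# Path shapes of the two exfil APIs: /api/webhooks/<id>/<token> and /bot<id>:<secret>/<method>
DISCORD_WEBHOOK = re.compile(r"^/api/webhooks/(?P<id>\d+)/(?P<token>[A-Za-z0-9_-]+)$")
TELEGRAM_BOT = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def classify(c2: str) -> dict:
    """Turn one C2 string into a record with kind, host and whether it is actionable."""
    if "://" not in c2:
        # bare host:port socket entry (AsyncRAT style)
        host, _, port = c2.rpartition(":")
        rec = {"raw": c2, "kind": "socket", "host": host,
               "port": int(port) if port.isdigit() else None}
        try:
            addr = ipaddress.ip_address(host)
            # loopback/private/unspecified addresses are builder defaults or decoys
            rec["actionable"] = not (addr.is_loopback or addr.is_private or addr.is_unspecified)
        except ValueError:
            rec["actionable"] = True  # a hostname: resolve it and block/hunt it
        return rec

    u = urlparse(c2)
    rec = {"raw": c2, "kind": "url", "host": u.hostname, "actionable": True}
    m = DISCORD_WEBHOOK.match(u.path) if u.hostname == "discord.com" else None
    if m:
        rec.update(kind="discord_webhook", webhook_id=m["id"])
        return rec
    m = TELEGRAM_BOT.match(u.path) if u.hostname == "api.telegram.org" else None
    if m:
        rec.update(kind="telegram_bot", bot_id=m["bot_id"], method=m["method"],
                   chat_id=parse_qs(u.query).get("chat_id", [None])[0])
    return rec


def triage(configs: Dict[str, List[str]]) -> List[dict]:
    """Flatten every family's C2 list into records tagged with the family name."""
    return [dict(classify(c2), family=fam) for fam, c2s in configs.items() for c2 in c2s]


def blocklist(records: List[dict]) -> Set[str]:
    """Network indicators a defender can act on (host, or host:port for sockets)."""
    return {r["raw"] if r["kind"] == "socket" else r["host"]
            for r in records if r["actionable"]}


if __name__ == "__main__":
    for r in triage(EXTRACTED_C2):
        flag = "ACTIONABLE" if r["actionable"] else "ignore   "
        print(f"{flag} {r['family']:15} {r['kind']:16} {r['raw']}")
    print("block/hunt:", sorted(blocklist(triage(EXTRACTED_C2))))
```

Blocking discord.com or api.telegram.org outright is rarely acceptable, so the useful outputs are the path components: egress to `/api/webhooks/<id>/` and `/bot<id>:<secret>/sendMessage` from processes that are not a chat client is the detection point, and the webhook ID and bot token are what to include in an abuse report to Discord and Telegram so the channel is shut down.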

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Invictastealer family
  • StormKitty payload (1 IoC)
  • Stormkitty family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.
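The "Unsigned PE" check above reduces to one PE header lookup: the Certificate Table entry of the optional header's data directory (index 4, IMAGE_DIRECTORY_ENTRY_SECURITY) is zero when no Authenticode blob is attached. The code below is an added example, not the sandbox's detector, that performs that lookup for both PE32 and PE32+ files without third-party libraries; the `build_minimal_pe` helper constructs a bare header (no sections, no code) purely to exercise the check, and the certificate blob it attaches is zero bytes standing in for a WIN_CERTIFICATE structure.

```python
"""Detect a missing Authenticode certificate table in a PE file.

Added example, not the sandbox's own signature code. A non-empty table only
proves a signature blob is attached; validating it needs a real verifier.
"""
import struct
from typing import Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def authenticode_directory(data: bytes) -> Tuple[int, int]:
    """Return (file_offset, size) of the certificate table, or (0, 0) if none."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20  # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        nrva_off, dirs_off = 92, 96     # NumberOfRvaAndSizes, first DataDirectory
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    n_dirs = struct.unpack_from("<I", data, opt + nrva_off)[0]
    entry_off = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or size_of_optional < entry_off + 8:
        return (0, 0)  # header too short to carry the entry at all
    # Unlike every other directory, this entry stores a raw file offset, not an RVA.
    return struct.unpack_from("<II", data, opt + entry_off)


def is_unsigned(data: bytes) -> bool:
    """True when no certificate table is present (or it points outside the file)."""
    off, size = authenticode_directory(data)
    return off == 0 or size == 0 or off + size > len(data)


def build_minimal_pe(plus: bool = True, cert_size: int = 0) -> bytes:
    """Constructed PE header for testing (assumption: no sections are needed)."""
    opt_size = 240 if plus else 224
    hdr = bytearray(0x40)                      # DOS header, e_lfanew -> 0x40
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr += b"PE\0\0"
    machine = 0x8664 if plus else 0x14C
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptHdr, Characteristics
    hdr += struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if plus else PE32_MAGIC)
    nrva_off, dirs_off = (108, 112) if plus else (92, 96)
    struct.pack_into("<I", opt, nrva_off, 16)  # all 16 data directories present
    body = b""
    if cert_size:
        cert_off = len(hdr) + opt_size         # blob placed right after the headers
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_off, cert_size)
        body = bytes(cert_size)                # stand-in for a WIN_CERTIFICATE blob
    return bytes(hdr) + bytes(opt) + body


if __name__ == "__main__":
    for label, pe in (("unsigned PE32+", build_minimal_pe(True)),
                      ("unsigned PE32", build_minimal_pe(False)),
                      ("PE32+ with cert table", build_minimal_pe(True, 64))):
        print(f"{label:24} unsigned={is_unsigned(pe)}")
```

To run it against the files in this report, read `InvictaStealer.exe` or `Server.exe` from the password-protected archive and pass the bytes to `is_unsigned`. A file that comes back signed still needs the blob checked with a verifier such as `Get-AuthenticodeSignature`, osslsigncode or signify, since malware routinely carries invalid, expired or stolen signatures.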

Files

  • telegram+discord.zip
    .zip

    Password: 123

  • InvictaStealer.exe
    .exe windows:6 windows x64 arch:x64

    Password: 123

    MD5: 2d5aa2bacb12ffd10966c83ca6563356

  • Server.exe
    .exe windows:4 windows x86 arch:x86

    Password: 123

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744