Resubmissions

02/02/2024, 15:59

240202-te4t8scbdp 10

02/02/2024, 15:54

240202-tcesbscahk 10

General

  • Target

    SMS sender 2023.zip

  • Size

    6.7MB

  • Sample

    240202-te4t8scbdp

  • MD5

    80f5628447dc7fcba82df2d1b0a4b46e

  • SHA1

    bc8d7dd669bf73f0dca515056aa207aa3ac8386a

  • SHA256

    920ee4d6e16da14af70de3df554004024590cd31ac4b57c5338761b7838b3291

  • SHA512

    f70d01ec564e6cfecf011e5097712197d8e60405d9a123aa7a3ebecb17a3171a822aea090c79850c0ef750b568a7ff2f5cedb911b56db789f4293c98ac04389a

  • SSDEEP

    98304:6nU5cAAMcMaidXUyN48SvdAbjy5Eybnb0glIEaBaevVBHFyi07PAfbvYlRGiprNb:BaMDPkAMFOcEyvhGbvHFyBP+bkpA+8EP

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      SMS sender 2023/SMS sender 2023/7z.dll

    • Size

      1.6MB

    • MD5

      72491c7b87a7c2dd350b727444f13bb4

    • SHA1

      1e9338d56db7ded386878eab7bb44b8934ab1bc7

    • SHA256

      34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

    • SHA512

      583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

    • SSDEEP

      24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/7z.exe

    • Size

      458KB

    • MD5

      619f7135621b50fd1900ff24aade1524

    • SHA1

      6c7ea8bbd435163ae3945cbef30ef6b9872a4591

    • SHA256

      344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

    • SHA512

      2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

    • SSDEEP

      6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      3551343fab213740bbb022e3a6dcf27b

    • SHA1

      de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

    • SHA256

      5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

    • SHA512

      e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

    • SSDEEP

      49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/FastColoredTextBox.dll

    • Size

      323KB

    • MD5

      8610f4d3cdc6cc50022feddced9fdaeb

    • SHA1

      4b60b87fd696b02d7fce38325c7adfc9e806f650

    • SHA256

      ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9

    • SHA512

      693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09

    • SSDEEP

      6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/Fixer.bat

    • Size

      2KB

    • MD5

      f270d92aa6bc1f8e856de4671e0d8e11

    • SHA1

      18f9bd65e741b75e46bb3bf5574043a619148138

    • SHA256

      bc1d78f54d3aedc89745d2703cdc78d89a852d930d180088a85f212683ecb5f7

    • SHA512

      ec90fa4d06c843d252aef4c816175a6c9cf03de8f1e900bf529147da1398561c71099d24d52cef5122e0c0812216a37d17d7b9f27f7fd05c073ddf21a7f1dd5f

    Score
    5/10
    • Drops file in System32 directory

    • Target

      SMS sender 2023/SMS sender 2023/IconExtractor.dll

    • Size

      10KB

    • MD5

      640d8ffa779c6dd5252a262e440c66c0

    • SHA1

      3252d8a70a18d5d4e0cc84791d587dd12a394c2a

    • SHA256

      440912d85d2f98bb4f508ab82847067c18e1e15be0d8ecdcff0cc19327527fc2

    • SHA512

      e12084f87bd46010aded22be30e902c5269a6f6bc88286d3bef17c71d070b17beada0fe9e691a2b2f76202b5f9265329f6444575f89aff8551c486eafe4d5f32

    • SSDEEP

      192:7f77J4cGYyfQknxLvIgyLY5xJeU5pPpZlEAs:HS2yINgyLYLJR5wl

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/InstallResources.dll

    • Size

      6KB

    • MD5

      55cb3cc8ac1765722e2afbd0ae212670

    • SHA1

      f9d56678efcaac7627aff6942a0dac4b04dc72e9

    • SHA256

      659821c6f712728a43a28684b4c01fdc8b24d19c5987311a399bb5adf9865cc0

    • SHA512

      35e43fcdc69fce09069379db5fb909767c1c2192b1989031da548b72791974ddde37c0525d37e376c114aef9f340253e3d2a3c3b51b430f565c9e86f66727875

    • SSDEEP

      48:6AtQepWe75PzGpXkRVP2dRo0C2OcPrqfJMJdgSmnvE0F39dTdv9Gj8xE+sgd/nu5:7XWeFkXGP2//OKNgSqZd9dG1+dGWY2

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/SMS sender 2023.exe

    • Size

      226KB

    • MD5

      24dd26630b048cde008c05f926175a9b

    • SHA1

      0b96f1ebd9b1be405c6e69aecb266089cd406ea7

    • SHA256

      dba3b96b00b793eeccc62c2f973034a8813e6449f76a4dfdc9a2b0c38936b32f

    • SHA512

      a869a5a768577552ed5fdd0f1957462d743254ec48ee75f6cfbd36a570c41e1b7c4f0f59eed5e6300ba100a958f4c883aa72d631e4b56a51596d395269c58eeb

    • SSDEEP

      3072:N+STW8djpN6izj8mZw2g7uB1NUbBYp2TCnazbZHPzpq/Vp+8E89Fk6+Wp0:S8XN6W8mm2bnUbK2qazbZHl+F

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Target

      SMS sender 2023/SMS sender 2023/Siticone.Desktop.UI.dll

    • Size

      1.9MB

    • MD5

      57fc4e4d25e1ed835fb3debf621c4a4d

    • SHA1

      680f898faac1a6c79842bcccf8719685a334da21

    • SHA256

      cf56e38a212a643cadeb7c80261e16835a256b5bcda4ed3630c6e91abdf580e2

    • SHA512

      b4186dcbbb26bfaae7260ae323143c6ae913f78c9e3021f7d0d087acf735607c3cb41cd1103cce6d98bf4f9dd360016d1606fed3922bf28e7f47e7993526a978

    • SSDEEP

      24576:M2KGb9hNceHgbTV2Qjp7vwExB90k9athKlyLROuk+fnUJ:lqqQT0k9aGlyNOyny

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/Siticone.UI.dll

    • Size

      1.3MB

    • MD5

      750c58af2e56b6addecffcf152520ab8

    • SHA1

      14995e7f1d12498606d9d209d78d55fe6fd87802

    • SHA256

      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

    • SHA512

      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

    • SSDEEP

      24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/Stub/DotNetZip.dll

    • Size

      448KB

    • MD5

      6d1c62ec1c2ef722f49b2d8dd4a4df16

    • SHA1

      1bb08a979b7987bc7736a8cfa4779383cb0ecfa6

    • SHA256

      00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c

    • SHA512

      c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2

    • SSDEEP

      6144:FuCIjOL8qwWN/jMlC/XiapWSu9vnITVxGtSV41kJDsTDD5rlGe6wfxLV/7:dZLJLdvOSsnjS4csBrge6sf7

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/Stub/Stub.exe

    • Size

      165KB

    • MD5

      42d8629b369faad755daeb690519f265

    • SHA1

      6150c6865d440cd454d212312226e0eaeadc3d24

    • SHA256

      014f68a3f73a8c94a12fa9842f12fc87ce2ad600dfe7fddea2ff7bc7ec79058f

    • SHA512

      0b4139ad76944781fdece58f5318572b75bc3e367a7f01ce124495cc8c30daf8e512f0be77b7998aca21a0e03539f43f6e9fc7d4475b5573f54b19ad1e6d9a3d

    • SSDEEP

      3072:Xj5R5s6Fmrw8bw4gSnaxkWdDzXqIPu/i9bOO2cq6+WpDheMGnWc:1mrw8E4gqanDbXPSi9bpMR

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Target

      SMS sender 2023/SMS sender 2023/System.Data.SQLite.dll

    • Size

      356KB

    • MD5

      ecab575dd9faa510f9d7bb67c55e0213

    • SHA1

      b9d5af76d8df1c4ee4ccba33b2afa8300952d923

    • SHA256

      19ad18ad0a128f690667c7239dbaf89629abe43a6bb365bac295b72a8cc26318

    • SHA512

      22ba1f1f9f92510db76833baac3703d144d0b908539bafc1bf8f9504eed3b5b82d3236d9a914b714e97753c9d7fcd39ec59d3dd090ad1e48371389e6619c1455

    • SSDEEP

      6144:oVkOGvp0ezfbg1+w9MCdwqKOoPK3LE4bFNFaFeFOFwcGF6cmFWc0FWc8cIcKcUFb:3pJUBwq9FNFaFeFOFwcGF6cmFWc0FWcH

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/ToolBelt.dll

    • Size

      100KB

    • MD5

      d8e740cd66a65acb11cacca09f5d8c00

    • SHA1

      d13dbd33052b968dff8d5f709b6ec2442c034bdb

    • SHA256

      f224fe820cb09419f63ee64911d988139c2da30a79b9c577d946ec7ecb18b20d

    • SHA512

      de07d1ecada7a9dc453fd6de574de134f1a8cbcf3b5d9187e7b3f3c07a509314e89df60e5609cc13eba8299ac7bcf6db9d0dd8adb5559d39ee7c9bac198e9e5e

    • SSDEEP

      3072:6GOjV6k+mhOqwl53DQqGljT/DtKQHkHDZ:6FQ7mAqw33cqGljT/DtKQ2

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/cGeoIp.dll

    • Size

      2.3MB

    • MD5

      6d6e172e7965d1250a4a6f8a0513aa9f

    • SHA1

      b0fd4f64e837f48682874251c93258ee2cbcad2b

    • SHA256

      d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

    • SHA512

      35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

    • SSDEEP

      24576:TRgJE8pkCLLe/K43EnnnclQwIqJY0OjklWXQMFBRpmkL/59ah0USm3uwl00odi9p:TRgfX/59a6USdi9Ues6bV6boLO6r

    Score
    1/10
    • Target

      SMS sender 2023/SMS sender 2023/dnlib.dll

    • Size

      1.2MB

    • MD5

      a35b13c0996f83ab97a83205a3653cf4

    • SHA1

      97bd8754e4baca421fcf5d9b42ec759b13f2afb3

    • SHA256

      81567965f22b9065d9e41f3c6cd75855b360c2b5e74d4a149c9e049f56782f5b

    • SHA512

      5570a899d87768f9088810790a5962bb4875f08eba94d7e7f7f1b245dbfd22d121f81163db5d2b00b3a26720ba6ae4b52873391cab18b4ccacb86cb55fdb971c

    • SSDEEP

      12288:4ztF8lIxmFE8Ae2wx4i77vZHfLDAeBopgVU732A5HxUPwxTjMD4CITBC5v7f79nW:4OIYCDvw6iNAekgglRTBh1C5v7fUhb

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

rat, default, asyncrat, stormkitty
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
5/10

behavioral10

Score
5/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

asyncrat, stormkitty, default, rat, spyware, stealer
Score
10/10

behavioral16

asyncrat, stormkitty, default, rat, spyware, stealer
Score
10/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

asyncrat, stormkitty, rat, stealer
Score
10/10

behavioral24

asyncrat, stormkitty, rat, stealer
Score
10/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10