General
Target: otpbulderzerodayexploitware.rar
Size: 11.7MB
Sample: 240315-rablsacd25
MD5: 1f2b2a28ec02eeab79b98378d6b59cd2
SHA1: d5e222e2939c6b125bb140ccecd7aa9f1d4b96b4
SHA256: 3023f261abee740b0f8c8866adb0751d7b8c51b7e3eeb1d8f6d3ef5219d745e9
SHA512: 88051b3f0572138802b69f256e1679298ccd6428c5b7a8782e548266682bf0860f860134d1fb7622b0fcc49e1b11869181718f594b5a115163a7e2ff19d0448d
SSDEEP: 196608:6lvx2B4ykfEC3wbWCmQVkMlaGG461J4mgTWOzPDudaaXiL3c:6r2B4HfBsfVXlah2jWvdazQ
Static task: static1
Malware Config
Extracted: asyncrat
Default
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- https://api.telegram.org/bot6381067446:AAEZEWH8wbF7Q1Kou81_S0sE6VwJZGJKneM/sendMessage?chat_id=5901231421
- AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: otpbulderzerodayexploitware.rar
- StormKitty payload
- Async RAT payload
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.