General
- Target: Adobe Photoshop.exe
- Size: 49KB
- Sample: 240331-3p9b5sfe4s
- MD5: b75ad3f5b6ddb8c96ab2eae0d2a977ec
- SHA1: 2a726f2753d97f50a658f109f43c78bb118dfca2
- SHA256: 4dfe3a7f19de34169eb850bf014ddd21603719115b5fc622cc1731e555f651ed
- SHA512: 52b81afe357394e298a02ad100a4a07a6a1dc1c7937f2487568ff0a299885913e1ec54a84db66d96d79c3b5e34409847d76597b45735dbbe57b8b5b661eef8be
- SSDEEP: 768:3NJXw9WvC9nPpT3RSW/Cv2YzidgYRUTO9PdKqz1QB6SRm1/vrOV8TMBG/IL:3NJg9WAPuDzivGK9P1QoSu/aV/Y/IL
Static task: static1
Behavioral task: behavioral1
- Sample: Adobe Photoshop.exe
- Resource: win10-20240221-en
Malware Config
Extracted: asyncrat
- Venom RAT + HVNC + Stealer + Grabber v6.0.3
- sfadasdas
- C2: 127.0.0.1:4449, 127.0.0.1:8080, 162.238.154.3:4449, 162.238.154.3:8080
- vwbvnjxghdq
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: Adobe Photoshop.exe
- Size: 49KB (hashes as listed under General)
- StormKitty payload
- Async RAT payload
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Scheduled Task/Job (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Scheduled Task/Job (1)