General

  • Target

    llllllllllll.exe

  • Size

    319KB

  • Sample

    240331-n3sh8aah9x

  • MD5

    e88dafe32615d5f8edc3b80b5c2a23d4

  • SHA1

    1ebe10f65776e1a0b6aa3f7f974535cf4d53e941

  • SHA256

    ee3711e660260539f1fcd84f2546e0bffad1c16e08046e9218aa202f0bf4a233

  • SHA512

    7fa50d58922a24908e81c8a542eadab0114b44e92e2f4e2ec6edfcf1e266dea4e38a68f6bb4b36d02a0e90a84c4f5c025c150d039191a882abef256ac74dd6bb

  • SSDEEP

    6144:SDh4Apb/Luvs69FzUoEorJzgjWj46kxujysZo7HBCdwyauYd/VB:SDh4gbjuvs+FvE+OWj463jyIqHBCdZaP

Targets

    • Target

      llllllllllll.exe

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
