General

  • Target

    MangoModMenuV6.rar

  • Size

    157KB

  • Sample

    240401-b7mgjsab81

  • MD5

    bd4e99ffe4fb8cd896f7d7a4dde3e2a4

  • SHA1

    257b5d3ed3acf611ba1900613f9fdc08b403f8b0

  • SHA256

    274040f71c7db6b9b8b39bd4cd328c5f4e4b36141690b1727430b2b7f57adaab

  • SHA512

    ebae4f0604f4c996b6ddfc26d9038a57385f77106e989e0ef2795dee7beba74b8bf41a77fd006224c676219ad910292159babd730c1934640bc603fa1ad9e884

  • SSDEEP

    3072:59AV52Kplsr31uVYhYP0IIBjutoVxCBpm43w8lJzLj3HINP/GcciT:59AVZlsr31+YdIcSmawC0u9Q

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:5050

127.0.0.1:7570

127.0.0.1:15770

147.185.221.18:5050

147.185.221.18:7570

147.185.221.18:15770

data-programming.gl.at.ply.gg:5050

data-programming.gl.at.ply.gg:7570

data-programming.gl.at.ply.gg:15770

Mutex

2שXoXV1斯G西dYPaΒي

Attributes

  • delay

    1

  • install

    true

  • install_file

    Edge.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      MangoModMenuV6.exe

    • Size

      287KB

    • MD5

      e8eb8b148e0aea5f4d164cc403e56f92

    • SHA1

      be2f5f72cd2ace616c237089dde5e3d7713fa236

    • SHA256

      4c46d64ee256f72726d6c6cab5288e5cd34e31eeadef8d38c6cf37a50e7a5ef9

    • SHA512

      963c888744966a6d9c423e88b149c84d5af5520bb6109ce2d994014adbee6ed5d0a2d84b1ea0e687fab626922fdb417e9f6d697b4c065d0231274efd60c94bb9

    • SSDEEP

      3072:5hpYYUbd3b6SIWQrtzIWyVEIhvU2AoOBrECT3H57PXcz07dz:qLbdWSIWQrtkWyOavlIBrR3Jsz6

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks