General
-
Target
stealer.bat
-
Size
175KB
-
Sample
240402-n4ct6ahb5w
-
MD5
596f992b0cb14af2415960d1997ca067
-
SHA1
826a1cde76df3d2d60d20afdd2a1d4c240ec952d
-
SHA256
4bf2c1b7a1126a9d4d763825d83b74bda139d0966f6846588638b33416a52e40
-
SHA512
4fbd1ab7b1fd6db9687862f2bc14060ccabc3758957b41522931d98180924d3d5eea4015e2d8c120f13e5effa48f466b01af18ffd14c3eafcbe5ac8ac217a6ee
-
SSDEEP
3072:re8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTvwAqE+Wpor:WXtb5KcXr7XmfgqtjhAxZ0b2k
Behavioral task
behavioral1
Sample
stealer.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
Target
stealer.bat
-
Size
175KB
-
StormKitty payload
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.