General
Target: setup.exe
Size: 273KB
Sample: 240404-pjd26afe97
MD5: 354b786f93892eb89a5d1f9469b827e7
SHA1: 075a2861c17b9b3e6dba1a35fd86587b35566e96
SHA256: 7dab8365cb8f7b005b4b8218f18d5da6a73bfb66cf9359a02ea195633048b8c2
SHA512: e75bf8ac10fec2e8c4da2ed7a79937c8772452563cef484daf8e7929eb1d7fb12a087013c0cd7f9636cf530f949cc0fd3c6dc38114775d576a8e74cb2af8ed9a
SSDEEP: 3072:Ne8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gT7wARE+WpCMBz65/M6If+3J3:R6ewwIwQJ6vKX0c5MlYZ0b2syxBt25
Malware Config
Extracted: asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6945743124:AAG8ieJ1VlUNWPUmGHnXTsQtOipwOr2dmlQ/sendMessage?chat_id=6067717150
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
- StormKitty payload
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.