Resubmissions

  • 08/04/2024, 10:32
    240408-mkyf3sac8s 10
  • 02/04/2024, 18:48
    240402-xf825aac29 10
  • 02/04/2024, 18:47
    240402-xfpngsac4s 10

General

  • Target
    avast_driver__online_setup.zip
  • Size
    109KB
  • MD5
    9e6635e0ef6a723bd9e84d5fe6eceadd
  • SHA1
    f90f74890e6c0b5a6d256aae2bfe3857b70fe25b
  • SHA256
    f0fac8d0bb31f5fe76a44824608d8f36d8100d913662c68a8cc23b5ab756479c
  • SHA512
    5227263d30f0816bef5d345b60b7565522462b0308a4ae9f638ef9afda8d616c69eda803fc080f67c5f33517fe66d514fd906d07a967563e777e782a7f9562d7
  • SSDEEP
    1536:QNcVfRMMKvZGf1LVFPcxh7eCNt2IYNhvt4MASR/UlCLGDFbMBpeA5CPJCRsN7WSG:TVJMMpf1LXyb1chvVUlCZE9JhsEY

Malware Config

Extracted

  • Family
    asyncrat
  • Botnet
    Default
  • C2
    127.0.0.1:6606
    127.0.0.1:7707
    127.0.0.1:8808
    https://api.telegram.org/bot5601974118:AAFQl5HdRhbpZqqPLsKRP0nm_iqbQL_jNto/sendMessage?chat_id=5561212498
  • Mutex
    AsyncMutex_6SI8OkPnk
  • Attributes
      • delay
        3
      • install
        false
      • install_folder
        %AppData%
  • aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • StormKitty payload 1 IoCs
  • Stormkitty family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • avast_driver__online_setup.zip
    .zip
  • avast_driver__online_setup.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
