General
-
Target
0x000d00000001231a-7.dat
-
Size
175KB
-
Sample
240415-kq3xmsda3z
-
MD5
03c26f9adbebd81f75300a22979d475e
-
SHA1
8d10f68a2ef94e2cd9fbb015bf7885a71d9709bd
-
SHA256
4ff2fde65efb563f5e895f398ed45ef76ae9284a31ffbe5f15494979fce2915a
-
SHA512
a4b7f2b13b869354cd8356b3469600a45b63462b3d3fda253f501af6ab47a2621c7b60601ec7f5fb85b2d46b383c25440fc994f8fa2023c1b4b80492dac21a90
-
SSDEEP
3072:Qe8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTZwARE+WpCc:E6ewwIwQJ6vKX0c5MlYZ0b22
Behavioral task
behavioral1
Sample
0x000d00000001231a-7.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
0x000d00000001231a-7.dat
-
StormKitty payload
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-