General

Target: tmp
Size: 605KB
Sample: 240416-bds28sdb63
MD5: 78f7efed48c531657b84cd66911c7eef
SHA1: eedcf0f081c78adfcefe3e9208bc83b252f1b4aa
SHA256: 40ba4a68575cda8b4da56ef2efae3f3c217bf7b78d68c29086e86d324d3ebffa
SHA512: 519a27a1d28e855d2b8c128f8723200ff7f790069f8087a2c6470e8437b12192a444a79ff4024cf278215db718391e770b783dc167ea321efbfc76e2411c26df
SSDEEP: 12288:JvqsfIozrJqppjn1rmq12WaD+1Fri1xbcR:h9vrMjn1r5aCjg9cR
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20240221-en
Malware Config

Extracted family: asyncrat
Config name: Default
Hosts: 127.0.0.1:6606, 127.0.0.1:7707, 127.0.0.1:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets

Target: tmp
Size: 605KB
- StormKitty payload
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.