General
Target: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54
Size: 75KB
Sample: 240417-m9rptsee4z
MD5: a7d63348cfe9b0dc9d3aaec28c76c8f0
SHA1: 1b993f554960286e90cfd7cedf4c457e1c46ff80
SHA256: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54
SHA512: 3910836ccae023d562c66bfd754b0d1e3aadc4c1cbf57e96e8220c1de6534a529ec3630d595a7baba7c56ca503b6ce6d012b9c388b9f896f2a0a8be317ca5010
SSDEEP: 1536:XXkUaUdXCfRPMRkGWsrT/NGH1ba/KOjybwokzkHLVclN:XUUTNWPMRkGUH1baP+tkWBY
Behavioral task: behavioral1
Sample: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
hoyqzolrquxmbnzaee
delay: 1
install: true
install_file: system.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/ckrnc4Uk
Extracted: http://xcu.exgaming.click
Extracted: http://xcu5.exgaming.click
Targets
Target: 16686f1e7563cc54a0d047a1033456f84d918f6f93f0bbca7cb440925f1eeb54
- StormKitty payload
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Scheduled Task/Job (1)