General
Target: e82db9bfa7569c986611bf179918367f45b1bded86aba57c0d7f13be22d4b3f1
Size: 519KB
Sample: 240417-rh311acg5t
MD5: 162751834ef69aa5579fa06f1683923a
SHA1: 4349c9cbda3b83d7a4ca55437993beeb9fbcb3f0
SHA256: e82db9bfa7569c986611bf179918367f45b1bded86aba57c0d7f13be22d4b3f1
SHA512: 128420fe8e380c9bf3091500fe42357a69dd9d905ac32376d17d7d2e73ff18ec03c3590ed18752c0faa741f7b71c8b72e6717c28cb02542adf9bd6c8f56d34bf
SSDEEP: 12288:IeWaAuFxF5debY1Hsyr6rdHFHWZoswwSed1pBzAjPT4yp5nCk2:xP3F5des1HspHFmosZSiw/p592
Static task: static1
Behavioral task: behavioral1
  Sample: 0942114dc0e73052e114c375a09aa0c5dff4e0a5a2af8da7b5672bc95d082065.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 0942114dc0e73052e114c375a09aa0c5dff4e0a5a2af8da7b5672bc95d082065.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: asyncrat
Default
  127.0.0.1:6606
  127.0.0.1:7707
  127.0.0.1:8808
  https://api.telegram.org/bot6385771902:AAFzEpqHXketXwfW52woBHFnqZy6kfI91A0/sendMessage?chat_id=6517488336
  AsyncMutex_6SI8OkPnk
  delay: 3
  install: false
  install_folder: %AppData%
Targets
Target: 0942114dc0e73052e114c375a09aa0c5dff4e0a5a2af8da7b5672bc95d082065.exe
Size: 599KB
MD5: 9a6d7cf04078015c9a7f8c69deb4d9e8
SHA1: 82f96bf497e9ce6b0dc2f9284ba014d238b74f7a
SHA256: 0942114dc0e73052e114c375a09aa0c5dff4e0a5a2af8da7b5672bc95d082065
SHA512: c6d22d451cd302f7235da71e4c4c351bade1e9c793bc31237d6c0d36db8ab24bda1a7bf34deeac436e5eb8aaa2db16f0a4cab2b093b3e6b8a11925a7e6d5c365
SSDEEP: 12288:7lnOmmnq8yKfju2xZ7rH/NUV1iUp8eBoJ67AKJNsFtbj:vPKrnZPNo1iUpj2Y7AKJNsb3
Score: 10/10
StormKitty payload
Drops desktop.ini file(s)
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
Suspicious use of SetThreadContext