General
  Target: Paid Combo Tools.rar
  Size: 1.6MB
  Sample: 240427-n41wzsaa69
  MD5: 0e2f610e1fb1709b68e726297be522f5
  SHA1: 66dc45d458919c691e2ea9c2f03950c07714c1be
  SHA256: 9ade92534340b3624c65018cd83dcf57a6b08037aa15af111a34cf561effbccc
  SHA512: f26e5c01dd723b0f7e05427eadbaa993f4384fc446ab4c539f656e1f8ee2023eb65c16f4aa5ce9f9421a78251ee29e9e91daf48583821848217b975e24cc2e81
  SSDEEP: 12288:Z93h7u7jWO718LorB9lIE8mIxvJgjyH1IeaQ+s+sN/qm:Zdh7u7HrTlIZPJnI5Q+mq
Behavioral tasks
  behavioral1
    Sample: Paid Combo Tools.rar
    Resource: win10-20240404-fr
  behavioral2
    Sample: Paid Combo Tools/Combo List Tools.pdb
    Resource: win10-20240404-fr
  behavioral3
    Sample: Paid Combo Tools/Paid combo Tools.exe
    Resource: win10-20240404-fr
  behavioral4
    Sample: Paid Combo Tools/SkinSoft.VisualStyler.dll
    Resource: win10-20240404-fr
Malware Config
  Extracted: asyncrat
  Default
    127.0.0.1:6606
    127.0.0.1:7707
    127.0.0.1:8808
    https://api.telegram.org/bot6003478563:AAG3aliPXpD1ZldBFn1R2thp1ARU2PprMtU/sendMessage?chat_id=6052812018
    AsyncMutex_6SI8OkPnk
    delay: 3
    install: false
    install_folder: %AppData%
Targets
  Target: Paid Combo Tools.rar
    Size: 1.6MB
    MD5: 0e2f610e1fb1709b68e726297be522f5
    SHA1: 66dc45d458919c691e2ea9c2f03950c07714c1be
    SHA256: 9ade92534340b3624c65018cd83dcf57a6b08037aa15af111a34cf561effbccc
    SHA512: f26e5c01dd723b0f7e05427eadbaa993f4384fc446ab4c539f656e1f8ee2023eb65c16f4aa5ce9f9421a78251ee29e9e91daf48583821848217b975e24cc2e81
    SSDEEP: 12288:Z93h7u7jWO718LorB9lIE8mIxvJgjyH1IeaQ+s+sN/qm:Zdh7u7HrTlIZPJnI5Q+mq
    Score: 3/10

  Target: Paid Combo Tools/Combo List Tools.pdb
    Size: 203KB
    MD5: 0a7bb36a69518e8538a14e4586bea045
    SHA1: 2b7042e9c3915b722ce23df90517a06908caa93b
    SHA256: 575ff4fe54b0ac77a4a6afabcd9e59460328242d2b89651130f7b0dc2537ec28
    SHA512: 36b264025bb0f0ec2c0db1f1b1724d3a32474be735e3c232caa998beba02bd38b78d74f3ff6a11aa705dd205b134dc51df095d36d43243430baf271c1016d642
    SSDEEP: 1536:QjVDjR4l/8q/dzkqGY3Jl5WKY6dix1rusXOtzZY3u57mHnjEY4FUohUB//8btaYj:QjV4/5jJjRAPJU7mHromB//5yb5
    Score: 3/10

  Target: Paid Combo Tools/Paid combo Tools.exe
    Size: 1.3MB
    MD5: 805ecd51386773aeec776cf15d78ef0f
    SHA1: d16204be4bfda5563ccf2aed038a8c11826a2119
    SHA256: 105b24a1aff3552fd265ed4fc5af8c0266fd7d31a81b3033120020a62304e604
    SHA512: 47cac5f76e2a20ec14cf8dac56247816ee019106ceceb5a977805c7d8bb3cb3f8eb0c57981483094adcc4da9281d05a3403a1092e26265c5ef991effafae29ee
    SSDEEP: 24576:XveKmWCVMoQ3x99e/xz5DokDsIeKmWCVMoQ3x99e/xz5DokDseEKmeKmWCVMoQ3G:XvjFF3x9k/x5kkDDjFF3x9k/x5kkDiKv
    - StormKitty payload
    - Async RAT payload
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    - Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.

  Target: Paid Combo Tools/SkinSoft.VisualStyler.dll
    Size: 1.0MB
    MD5: 69e6563e0e7ea843e9b37d58819f4136
    SHA1: 4aebf9955ba0d0b5205b6b013da634aa0281a25d
    SHA256: f9fa9f508b9350ed12ed3aa5b7f24aed901a6434b1b02d1f0ee301b8eea54b06
    SHA512: c883bcb3f6f2ac3f2fe88eed1356178ff2b43bdeed2188aa06f35cbc9dda8745a3a5c2d28d99daae5b6ea9af46abcae45b7bd4da13f318ba31062a8e8b79a942
    SSDEEP: 12288:OSVkAXRzNIYqsdMExMDj/iREVGx2G4dZJ25jad4NJQe5rkAf/e5rkp3gN372sx00:ZRz+YqsdMExMDj/iRHx2dJ7Wsx0
    Score: 1/10