General

  • Target: Paid Combo Tools.rar
  • Size: 1.6MB
  • Sample: 240427-n41wzsaa69
  • MD5: 0e2f610e1fb1709b68e726297be522f5
  • SHA1: 66dc45d458919c691e2ea9c2f03950c07714c1be
  • SHA256: 9ade92534340b3624c65018cd83dcf57a6b08037aa15af111a34cf561effbccc
  • SHA512: f26e5c01dd723b0f7e05427eadbaa993f4384fc446ab4c539f656e1f8ee2023eb65c16f4aa5ce9f9421a78251ee29e9e91daf48583821848217b975e24cc2e81
  • SSDEEP: 12288:Z93h7u7jWO718LorB9lIE8mIxvJgjyH1IeaQ+s+sN/qm:Zdh7u7HrTlIZPJnI5Q+mq

Malware Config

Extracted

  • Family: asyncrat
  • Botnet: Default
  • C2:
      127.0.0.1:6606
      127.0.0.1:7707
      127.0.0.1:8808
      https://api.telegram.org/bot6003478563:AAG3aliPXpD1ZldBFn1R2thp1ARU2PprMtU/sendMessage?chat_id=6052812018
  • Mutex: AsyncMutex_6SI8OkPnk
  • Attributes:
      delay: 3
      install: false
      install_folder: %AppData%
  • aes.plain

Targets

    • Target: Paid Combo Tools.rar
    • Size: 1.6MB
    • MD5: 0e2f610e1fb1709b68e726297be522f5
    • SHA1: 66dc45d458919c691e2ea9c2f03950c07714c1be
    • SHA256: 9ade92534340b3624c65018cd83dcf57a6b08037aa15af111a34cf561effbccc
    • SHA512: f26e5c01dd723b0f7e05427eadbaa993f4384fc446ab4c539f656e1f8ee2023eb65c16f4aa5ce9f9421a78251ee29e9e91daf48583821848217b975e24cc2e81
    • SSDEEP: 12288:Z93h7u7jWO718LorB9lIE8mIxvJgjyH1IeaQ+s+sN/qm:Zdh7u7HrTlIZPJnI5Q+mq

    Score: 3/10

    • Target: Paid Combo Tools/Combo List Tools.pdb
    • Size: 203KB
    • MD5: 0a7bb36a69518e8538a14e4586bea045
    • SHA1: 2b7042e9c3915b722ce23df90517a06908caa93b
    • SHA256: 575ff4fe54b0ac77a4a6afabcd9e59460328242d2b89651130f7b0dc2537ec28
    • SHA512: 36b264025bb0f0ec2c0db1f1b1724d3a32474be735e3c232caa998beba02bd38b78d74f3ff6a11aa705dd205b134dc51df095d36d43243430baf271c1016d642
    • SSDEEP: 1536:QjVDjR4l/8q/dzkqGY3Jl5WKY6dix1rusXOtzZY3u57mHnjEY4FUohUB//8btaYj:QjV4/5jJjRAPJU7mHromB//5yb5

    Score: 3/10

    • Target: Paid Combo Tools/Paid combo Tools.exe
    • Size: 1.3MB
    • MD5: 805ecd51386773aeec776cf15d78ef0f
    • SHA1: d16204be4bfda5563ccf2aed038a8c11826a2119
    • SHA256: 105b24a1aff3552fd265ed4fc5af8c0266fd7d31a81b3033120020a62304e604
    • SHA512: 47cac5f76e2a20ec14cf8dac56247816ee019106ceceb5a977805c7d8bb3cb3f8eb0c57981483094adcc4da9281d05a3403a1092e26265c5ef991effafae29ee
    • SSDEEP: 24576:XveKmWCVMoQ3x99e/xz5DokDsIeKmWCVMoQ3x99e/xz5DokDseEKmeKmWCVMoQ3G:XvjFF3x9k/x5kkDDjFF3x9k/x5kkDiKv

    Signatures:

    • AsyncRat
      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.
    • StormKitty
      StormKitty is an open source info stealer written in C#.
    • StormKitty payload
    • Async RAT payload
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.
    • Drops desktop.ini file(s)
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Looks up geolocation information via web service
      Uses a legitimate geolocation service to find the infected system's geolocation information.


    • Target: Paid Combo Tools/SkinSoft.VisualStyler.dll
    • Size: 1.0MB
    • MD5: 69e6563e0e7ea843e9b37d58819f4136
    • SHA1: 4aebf9955ba0d0b5205b6b013da634aa0281a25d
    • SHA256: f9fa9f508b9350ed12ed3aa5b7f24aed901a6434b1b02d1f0ee301b8eea54b06
    • SHA512: c883bcb3f6f2ac3f2fe88eed1356178ff2b43bdeed2188aa06f35cbc9dda8745a3a5c2d28d99daae5b6ea9af46abcae45b7bd4da13f318ba31062a8e8b79a942
    • SSDEEP: 12288:OSVkAXRzNIYqsdMExMDj/iREVGx2G4dZJ25jad4NJQe5rkAf/e5rkp3gN372sx00:ZRz+YqsdMExMDj/iRHx2dJ7Wsx0

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, technique (ID) and number of matching signatures:

  • Execution
      Scheduled Task/Job (T1053): 1
  • Persistence
      Scheduled Task/Job (T1053): 1
  • Privilege Escalation
      Scheduled Task/Job (T1053): 1
  • Credential Access
      Unsecured Credentials (T1552): 1
      Credentials In Files (T1552.001): 1
  • Discovery
      System Information Discovery (T1082): 4
      Query Registry (T1012): 1
  • Collection
      Data from Local System (T1005): 1

Tasks