General

  • Target

    Socialclub.rar

  • Size

    396KB

  • Sample

    240507-cvhs9seb5w

  • MD5

    f2e08ccb9dc07631220e08ec581a9e34

  • SHA1

    bdcd6574a5d79fcfd74cea2aa31f722020ca6cb8

  • SHA256

    b847943032293a9744a4831e1fdeabc4485d71cf44097a1c82c21b4e8fb47e62

  • SHA512

    c33b212e3f6886fdbe18d338b36dab9ff2b7087dd2714990e3e85ed5926b2feaaf1d5c5bb691857dbc2e6dc69f153dc3ad4beee27a0852ff6d275079b9e9b334

  • SSDEEP

    12288:g3d62BAf8rnjpJaiZqZ5g4jkUO/Yr3Lye:gNCkLva2qZ57wyr7ye

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5236702741:AAEYl0F5uVbja0ncy0sx9vJHGvygeGhNV9M/sendMessage?chat_id=775796924

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Socialclub/SkinSoft.Sociallclub.dll

    • Size

      964KB

    • MD5

      2d84a619d4bd339f860cb48af0c9b6c8

    • SHA1

      05e520126ee1100c98263bfbd5a6ff0ce6ace4f7

    • SHA256

      365ffde7df914840eb21c96f34c39912a4b031e3814b8e902b67acee6dff65a1

    • SHA512

      bd0c5e8b018ae393a5f2b92b4a10b5b674ca466074d18b4f86b12cbe9a6a520a95323146cb8e5226b1698f14efcc63addf0df421677b7f5ba3c8d94dbcb511d0

    • SSDEEP

      12288:XxIFyaWHyXq7VBnpJnqRAjcHFNdotFYsFjrXhmEBFa:XxIFyaWHyXq7VBnpJnqRAwHsJm

    Score
    1/10
    • Target

      Socialclub/rockstar checker.exe

    • Size

      170KB

    • MD5

      1228851106e9f2178b56e9985014e243

    • SHA1

      5e3a4575bdaf68735c86c97a2df65624dfc999fb

    • SHA256

      e49259a6849bb633e25fae724da3ccfadfa710a7b19f59db18a24b8207e9c319

    • SHA512

      678d9982b410a535d3ea0c128ddafe2fd391759b0b6aa39ea101b9d1d66aad30089ea3c77ba63e81cf4b100d2ce14bb7aa85a1c74a97ca5aed478bcbc8495e69

    • SSDEEP

      3072:++STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2cJak6+Wp7:j8XN6W8mmHPtppXPSi9b4na

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Target

      Socialclub/xNet.dll

    • Size

      116KB

    • MD5

      3df8d87a482efad957d83819adb3020f

    • SHA1

      f5b710581355ac5d0de7a36446b93533232144db

    • SHA256

      2ac175b4d44245ee8e7aee9cc36df86925ef903d8516f20a2c51d84e35f23da4

    • SHA512

      da28c34a85a6530b1c558fa11b0e71e70710d719cd8ceaf81f954d1fe3927ec139bee6c5f3135425cc5220905240f1a31d831611c46d18f5d52600b607ea59a6

    • SSDEEP

      3072:NWl4rhAigbJ0c1qnV+xnEd44asVyrVfwN5lTCTh3n3F:NWvigbdqnV+xnEd4zsVyJb

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13; the number in parentheses is the count of matched signatures)

Defense Evasion

  • T1553 Subvert Trust Controls (1)

  • T1553.004 Install Root Certificate (1)

  • T1112 Modify Registry (1)

Credential Access

  • T1552 Unsecured Credentials (1)

  • T1552.001 Credentials In Files (1)

Discovery

  • T1012 Query Registry (1)

  • T1082 System Information Discovery (1)

Collection

  • T1005 Data from Local System (1)

Tasks