Extracted

• • Target

    3caa5f06008365fbecf46198744793c36c42309b49a6324bebe8123be10f87d5

  • Size

    74KB

  • MD5

    7ac0adf482250172280defec7a7054da

  • SHA1

    20a25f0da68c309d062c4628ead8b6f377ac7969

  • SHA256

    3caa5f06008365fbecf46198744793c36c42309b49a6324bebe8123be10f87d5

  • SHA512

    d03d033b931f3d39f95a1ec1cdc7d9014783f11b2438c265dd72c0bc34f9d5ced534a38c7c1c88ff930868fd9cf60521dd556b5c486c5cf364f798f39215a1aa

  • SSDEEP

    1536:WUxQcxHCapCtGPMVCe9VdQuDI6H1bf/yBZUu7QzciLVclN:WUOcxHCoeGPMVCe9VdQsH1bfqvUwQzBY

  Score

  10^/10

  asyncratstormkittydefaultcollectiondiscoveryevasionratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • UAC bypass

    evasiontrojan

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2