General

  • Target

    NETFLIX CHECKER 2024.rar

  • Size

    10.8MB

  • Sample

    240620-ytldnazbrn

  • MD5

    6d34ccae0ed9443277fc2d783fb52c32

  • SHA1

    289f2a71ebe366c8de16dfffe864d577b6d29224

  • SHA256

    3d629bec9197f53962123b063c1e77eec7f9a7360bd25aff32e3e36b8a49790d

  • SHA512

    9a5f46148e9e0f3c151d285a03b3013c64d6c5b26f4c81d0b609420e27b3aa7ac21a7b597b065a4df410a48747fb376dc4b7b5beaeb1083940d1c3d72af77854

  • SSDEEP

    196608:alfGIsbFwsf50CycjR/tyNmzxFHSm02c+oJsYvsatO0UoSUWjrHIVEvq:alOIO0qJumzrym02cYY0EEUWjHvq

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7296708750:AAHaReWmJb8V8RSaBq85rGeMNuKmZ4t2rS0/sendMessage?chat_id=7389740990

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
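The extracted config above is worth reading carefully before it is turned into blocking rules: three of the four C2 entries point at 127.0.0.1, i.e. the loopback interface, so the AsyncRAT component as built has no reachable controller, while the fourth entry is a Telegram Bot API URL carrying a bot token and a chat_id, which is the channel the bundled stealer actually uses. The following Python is an added example (not part of the sandbox report or of either malware family's code) that takes the config values shown above, embedded as a constructed dictionary, and separates the indicators a defender can act on from the ones that are dead on arrival. The `classify_c2`, `parse_telegram_exfil` and `build_iocs` names are this example's own.

```python
import ipaddress
from typing import Dict, List, Optional
from urllib.parse import urlsplit, parse_qs

# Constructed input: the extracted AsyncRAT config exactly as the report lists it.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "botnet": "Default",
    "c2": [
        "127.0.0.1:6606",
        "127.0.0.1:7707",
        "127.0.0.1:8808",
        "https://api.telegram.org/bot7296708750:AAHaReWmJb8V8RSaBq85rGeMNuKmZ4t2rS0/sendMessage?chat_id=7389740990",
    ],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_folder": "%AppData%",
}


def classify_c2(entry: str) -> Dict:
    """Split one C2 entry into host/port and say whether a victim could reach it at all."""
    if "://" in entry:
        parts = urlsplit(entry)
        host = parts.hostname
        port = parts.port or (443 if parts.scheme == "https" else 80)
    else:
        host, _, port_s = entry.rpartition(":")
        port = int(port_s)
    try:
        # Loopback, RFC1918 and link-local addresses are not global: beacons never leave the box.
        routable = ipaddress.ip_address(host).is_global
        kind = "ip"
    except ValueError:
        routable = True  # a hostname: DNS decides at runtime, treat as reachable
        kind = "domain"
    return {"host": host, "port": port, "kind": kind, "routable": routable}


def parse_telegram_exfil(url: str) -> Optional[Dict]:
    """Pull bot token, API method and chat_id out of a Telegram Bot API URL; None if it is not one."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org" or not parts.path.startswith("/bot"):
        return None
    token, _, method = parts.path[len("/bot"):].partition("/")
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"token": token, "method": method, "chat_id": chat_id}


def build_iocs(config: Dict) -> Dict:
    """Turn the raw config into indicators a defender can act on, keeping dead entries separate."""
    net = [classify_c2(e) for e in config["c2"]]
    telegram: List[Dict] = []
    for entry in config["c2"]:
        if "://" in entry:
            parsed = parse_telegram_exfil(entry)
            if parsed:
                telegram.append(parsed)
    return {
        "reachable_endpoints": sorted({f"{n['host']}:{n['port']}" for n in net if n["routable"]}),
        "unreachable_c2": sorted({f"{n['host']}:{n['port']}" for n in net if not n["routable"]}),
        "telegram_bot_tokens": [t["token"] for t in telegram],
        "telegram_chat_ids": [t["chat_id"] for t in telegram],
        "mutex": config["mutex"],
        "persists": bool(config["install"]),  # install=false: no %AppData% copy, no autorun
    }


if __name__ == "__main__":
    for key, value in build_iocs(EXTRACTED_CONFIG).items():
        print(f"{key}: {value}")
```

Two caveats fall out of the result. The only reachable endpoint is api.telegram.org:443, and blocking that host outright also blocks legitimate Telegram bot traffic, so the actionable indicators are the bot token and chat_id (for proxy or TLS-inspection matching, and for an abuse report to Telegram), not the hostname. And with `install` set to false the sample does not persist under %AppData%, so a host that rebooted since the detonation should be judged by what the stealer already sent, not by whether the binary is still running.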

Targets

    • Target

      NETFLIX CHECK.exe

    • Size

      233KB

    • MD5

      4e2c574162ce7f347b51cbaf5703d502

    • SHA1

      5c5e4374bcb2792ab99dbe9eed7b2d3427523008

    • SHA256

      4616affdbff47a0008f2fecd202d011aac74899a876df7dcb334eee8d963a947

    • SHA512

      552cf42453b9af83052e2643530c360545c7667a72873337ec6c2d23c98f87a14627621a85e4cd4e81e00cd4d24c8a7fbe342c31165d093ab9cb3de79420e8b2

    • SSDEEP

      6144:jiDubaBBOBIIj6HLLYLCYJqvc1DOfRfGYb/FHbyeZP8vodSnbC:jbbaRfR+YbtdP8cu

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Target

      NETFLIX CHECKER .exe

    • Size

      10.8MB

    • MD5

      b3a1734baddfd597b02ca1d9d6304c67

    • SHA1

      e28ebd872e9b48b9eda42e181e4e891f6a570b77

    • SHA256

      afd0b66b02a2485dbb7ac67fcb5a5be57085d2ee94e8bbdcd825ef2479d7c0ee

    • SHA512

      254d34d3e07b3d2eedd71768340be34416c8cf0c56002e3e7b51c6ed348bb0db6d256e079387d8c24de8e71cccb18147abd41fce73a3d5ad38f1c2bd55ce8a21

    • SSDEEP

      196608:cZkOrTaGSzg3/imh785qBA1HeT39Iigw/+vvKub75bcjWgbkzfgAkjiWlUkcd:zOL3/dx8Uq1+TtIiFGvvB5IjWqkzuBcd

    Score
    7/10
    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      rdp_via_virusbug1.pyc

    • Size

      1KB

    • MD5

      b77398c97568042b36087783226d9287

    • SHA1

      006eab226c532847b98f415f73627817d7d4e99b

    • SHA256

      a05fc9900ac6daf213bd235afd87c2fc04d19bc9abc45a156e3eeca9ea82697a

    • SHA512

      7e982be4ee428a33c00f59e2658019135f3b5ea4d919315d02ce13f148a3c57ffdbae3e07f9e00e0860ec92b2e5b82cfd0c5af9f68fce95bc7a68764ef7a8d14

    Score
    3/10
    • Target

      netflx proxy Tools.exe

    • Size

      233KB

    • MD5

      4e2c574162ce7f347b51cbaf5703d502

    • SHA1

      5c5e4374bcb2792ab99dbe9eed7b2d3427523008

    • SHA256

      4616affdbff47a0008f2fecd202d011aac74899a876df7dcb334eee8d963a947

    • SHA512

      552cf42453b9af83052e2643530c360545c7667a72873337ec6c2d23c98f87a14627621a85e4cd4e81e00cd4d24c8a7fbe342c31165d093ab9cb3de79420e8b2

    • SSDEEP

      6144:jiDubaBBOBIIj6HLLYLCYJqvc1DOfRfGYb/FHbyeZP8vodSnbC:jbbaRfR+YbtdP8cu

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
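The behaviour signatures on both StormKitty-carrying targets describe a recognisable sequence: an external-IP lookup, a geolocation lookup, then a Telegram Bot API call that ships the collected data. Neither lookup is malicious on its own, but the ordering from one process is a usable detection. The block below is an added example (not from the report, and not the sandbox's own signature logic) that runs that correlation over constructed proxy log lines of the form `<timestamp> <host> <process> <url>`; it raises a high-severity alert when a Telegram `sendMessage`/`sendDocument`/`sendPhoto` call follows an IP or geolocation lookup from the same host and process within a short window, and a medium one for a bare Telegram bot send. The `IP_LOOKUP_HOSTS` list is an assumption: the report does not name which services the sample used, so populate it from your own telemetry. The log lines, host names and process names are constructed for the example.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log (not from the report): "<timestamp> <host> <process> <url>", one request per line.
SAMPLE_LOG = """\
2024-06-20T10:01:02Z ws-17 chrome.exe https://www.netflix.com/login
2024-06-20T10:02:10Z ws-17 NETFLIX_CHECK.exe https://api.ipify.org/?format=json
2024-06-20T10:02:11Z ws-17 NETFLIX_CHECK.exe http://ip-api.com/json/
2024-06-20T10:02:14Z ws-17 NETFLIX_CHECK.exe https://api.telegram.org/bot7296708750:AAHaReWmJb8V8RSaBq85rGeMNuKmZ4t2rS0/sendMessage?chat_id=7389740990
2024-06-20T10:30:00Z ws-22 python.exe https://api.telegram.org/bot1234:abc/getUpdates
2024-06-20T10:45:00Z ws-31 updater.exe https://api.telegram.org/bot5555:xyz/sendMessage?chat_id=1
2024-06-20T11:00:00Z ws-09 curl.exe https://api.ipify.org/
"""

# Assumed set of external-IP / geolocation services; the report does not name the ones used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com", "ipwho.is"}

# Telegram Bot API methods that move data out. Reads such as getUpdates are deliberately ignored.
TELEGRAM_EXFIL = re.compile(r"^/bot(\d+:[A-Za-z0-9_-]+)/(sendMessage|sendDocument|sendPhoto)$")

# How long after an IP/geo lookup a Telegram send still counts as the same exfil sequence.
WINDOW = timedelta(seconds=120)


def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Parse one constructed log line into (timestamp, host, process, url)."""
    ts, host, proc, url = line.split(maxsplit=3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, proc, url


def correlate(log_text: str, window: timedelta = WINDOW) -> List[Dict]:
    """Flag Telegram bot exfil; severity is high when the same host+process did a lookup just before."""
    lookups: Dict[Tuple[str, str], List[Tuple[datetime, str]]] = {}
    alerts: List[Dict] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, host, proc, url = parse_line(raw)
        parts = urlsplit(url)
        key = (host, proc)
        if parts.hostname in IP_LOOKUP_HOSTS:
            # Remember the lookup; on its own it is benign and produces no alert.
            lookups.setdefault(key, []).append((ts, parts.hostname))
            continue
        if parts.hostname != "api.telegram.org":
            continue
        m = TELEGRAM_EXFIL.match(parts.path)
        if not m:
            continue
        recent = [h for t, h in lookups.get(key, []) if ts - window <= t <= ts]
        alerts.append({
            "ts": ts.isoformat(),
            "host": host,
            "process": proc,
            "bot_token": m.group(1),
            "method": m.group(2),
            "chat_id": parse_qs(parts.query).get("chat_id", [None])[0],
            "ip_lookups": recent,
            "severity": "high" if recent else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

The correlation key is host plus process rather than host alone, so a workstation that legitimately runs a Telegram alerting bot does not trip the rule when an unrelated process happens to check its public IP. The bot token and chat_id in the alert are the values to pivot on across the fleet: the same stealer build sends every victim's data to the same chat, so one match usually reveals the rest of the infections.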

MITRE ATT&CK Enterprise v15
