General
-
Target
Socialclub.rar
-
Size
396KB
-
Sample
240626-y3ra9s1frd
-
MD5
f2e08ccb9dc07631220e08ec581a9e34
-
SHA1
bdcd6574a5d79fcfd74cea2aa31f722020ca6cb8
-
SHA256
b847943032293a9744a4831e1fdeabc4485d71cf44097a1c82c21b4e8fb47e62
-
SHA512
c33b212e3f6886fdbe18d338b36dab9ff2b7087dd2714990e3e85ed5926b2feaaf1d5c5bb691857dbc2e6dc69f153dc3ad4beee27a0852ff6d275079b9e9b334
-
SSDEEP
12288:g3d62BAf8rnjpJaiZqZ5g4jkUO/Yr3Lye:gNCkLva2qZ57wyr7ye
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot5236702741:AAEYl0F5uVbja0ncy0sx9vJHGvygeGhNV9M/sendMessage?chat_id=775796924
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Socialclub.rar
-
Size
396KB
-
MD5
f2e08ccb9dc07631220e08ec581a9e34
-
SHA1
bdcd6574a5d79fcfd74cea2aa31f722020ca6cb8
-
SHA256
b847943032293a9744a4831e1fdeabc4485d71cf44097a1c82c21b4e8fb47e62
-
SHA512
c33b212e3f6886fdbe18d338b36dab9ff2b7087dd2714990e3e85ed5926b2feaaf1d5c5bb691857dbc2e6dc69f153dc3ad4beee27a0852ff6d275079b9e9b334
-
SSDEEP
12288:g3d62BAf8rnjpJaiZqZ5g4jkUO/Yr3Lye:gNCkLva2qZ57wyr7ye
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
Socialclub/Results/2fa.txt
-
Size
2KB
-
MD5
122fe81978d51329468e7a21558fc89f
-
SHA1
3bb2c4d48bf1c8bbd4118ab0fcde4686393f6321
-
SHA256
3667a061348179369c19bb1adedaae4223e18f9b725ab9b3c0a20a765b675523
-
SHA512
26a77866b224154bf291087d0bdd6045cb73755166be07f8f1cddb6a45437ef7f45de4cf0cb47700990735a543f5d5f7c3cdb514309977f0ced6935c70e607c5
Score1/10 -
-
-
Target
Socialclub/Results/nocapture.txt
-
Size
1KB
-
MD5
001bc8100390dccdebe2831287a78e6e
-
SHA1
181663bc96da3c385593fa010cfbb9ec4d59e5cd
-
SHA256
5b4bbf04e00f48aa4e38031cf39eeafac77451f7b3e985e4df485f3553d3ab0b
-
SHA512
3124983cb3770b38dc1fcf0acbebff58a9dc83670b879ca03d62b143ab46e917bf83bd38c316342ed7ab8796de3bdda6bd84cecc3ccd8f6a2f26dd4f040b6bc5
Score1/10 -
-
-
Target
Socialclub/SkinSoft.Sociallclub.dll
-
Size
964KB
-
MD5
2d84a619d4bd339f860cb48af0c9b6c8
-
SHA1
05e520126ee1100c98263bfbd5a6ff0ce6ace4f7
-
SHA256
365ffde7df914840eb21c96f34c39912a4b031e3814b8e902b67acee6dff65a1
-
SHA512
bd0c5e8b018ae393a5f2b92b4a10b5b674ca466074d18b4f86b12cbe9a6a520a95323146cb8e5226b1698f14efcc63addf0df421677b7f5ba3c8d94dbcb511d0
-
SSDEEP
12288:XxIFyaWHyXq7VBnpJnqRAjcHFNdotFYsFjrXhmEBFa:XxIFyaWHyXq7VBnpJnqRAwHsJm
Score1/10 -
-
-
Target
Socialclub/rockstar checker.exe
-
Size
170KB
-
MD5
1228851106e9f2178b56e9985014e243
-
SHA1
5e3a4575bdaf68735c86c97a2df65624dfc999fb
-
SHA256
e49259a6849bb633e25fae724da3ccfadfa710a7b19f59db18a24b8207e9c319
-
SHA512
678d9982b410a535d3ea0c128ddafe2fd391759b0b6aa39ea101b9d1d66aad30089ea3c77ba63e81cf4b100d2ce14bb7aa85a1c74a97ca5aed478bcbc8495e69
-
SSDEEP
3072:++STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2cJak6+Wp7:j8XN6W8mmHPtppXPSi9b4na
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
-
-
Target
Socialclub/xNet.dll
-
Size
116KB
-
MD5
3df8d87a482efad957d83819adb3020f
-
SHA1
f5b710581355ac5d0de7a36446b93533232144db
-
SHA256
2ac175b4d44245ee8e7aee9cc36df86925ef903d8516f20a2c51d84e35f23da4
-
SHA512
da28c34a85a6530b1c558fa11b0e71e70710d719cd8ceaf81f954d1fe3927ec139bee6c5f3135425cc5220905240f1a31d831611c46d18f5d52600b607ea59a6
-
SSDEEP
3072:NWl4rhAigbJ0c1qnV+xnEd44asVyrVfwN5lTCTh3n3F:NWvigbdqnV+xnEd4zsVyJb
Score1/10 -