General
Target: Flash USDT @ZerodayExploitware.rar
Size: 16.4MB
Sample: 240630-tjsyjazgqc
MD5: 2fd43a4cbc0d1a1d0ab8feb4975bbafa
SHA1: 929f892d0cc09b3e06a2abe56126e99b9483cafd
SHA256: 2ddaeb628e70b156acc59ffb0dbe5313da7c46b0c8d8b852e8ae10a3fe69c13c
SHA512: 648152b3de9b7c80963f6644473adcf753a554333851574e6b2a8e87127f8828caec815d2779dfcbeb7aaa6f957f8647224b00195de625e81a3655cf02ffcc8d
SSDEEP: 393216:QOSkGG/GcGs0JkWnrhpfbNnwENY2Of1wuMzlQZWy8CGmFUMU:/TGcGsYn9pfbNnwENY2OaBzl08CGma/
Static task: static1
Behavioral task: behavioral1
Sample: Flash USDT @ZerodayExploitware.rar
Resource: win10-20240404-en
Malware Config
Extracted: asyncrat
Default C2 list:
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6381067446:AAEZEWH8wbF7Q1Kou81_S0sE6VwJZGJKneM/sendMessage?chat_id=5901231421
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: Flash USDT @ZerodayExploitware.rar
Signatures
- StormKitty payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.