Resubmissions

05-07-2024 17:23

240705-vyej5ascmr 10

05-07-2024 17:18

240705-vt88yasckj 10

05-07-2024 16:59

240705-vhqbpavbka 10

General

  • Target

    Anarxiya.rar

  • Size

    53.7MB

  • Sample

    240705-vhqbpavbka

  • MD5

    d345b172408711fffd95a016486782b7

  • SHA1

    a0b7189cfe47788b264e743be546f9cea0f3c8fb

  • SHA256

    8074d6085f0629dc715fbf492933cf91ae573051c84aa749d56f88936e8f0ea1

  • SHA512

    0a22a5946df436534e220082651a629fe55da1c0a1ed1e0a97ef6c35764f0737ad5f4d22f4f61e305ab72663c454e3dd94b37bdca9842d0241030fa27000e742

  • SSDEEP

    786432:5Co3pULKQEL6voi2rbhNZ31HqCcymYonsE0uA5zMqmUdJUceAIV1Ee:5Co3pWKFa7ObhNPqHxDu5gnae

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:7777

Attributes
  • delay

    1

  • install

    true

  • install_file

    restmaPrograms.exe

  • install_folder

    %AppData%

aes.plain

Extracted

Path

C:\Users\Admin\Desktop\README.txt

Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!!

All your files, documents, photos, databases and other important files are encrypted. The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure that we have a decryptor and it works, you can decrypt one file for free. But this file should be of not valuable! Attention do not try to decrypt the times, they may break and we will not be able to decrypt it.

1. Visit https://tox.chat/download.html
2. Download and install qTox on your PC.
3. Open it, click "New Profile" and create profile.
4. Click "Add friends" button and search our contact - test
5. In message please write your ID and wait your answer.

Your ID is [C0E5A63A427B0B660D3B]

[[Encrypted Files]]
Emails


URLs

https://tox.chat/download.html

Targets

    • Target

      Anarxiya/Anarchy Panel.exe

    • Size

      54.6MB

    • MD5

      94bac1a0cc0dbac256f0d3b4c90648c2

    • SHA1

      4abcb8a31881e88322f6a37cbb24a14a80c6eef2

    • SHA256

      50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94

    • SHA512

      30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9

    • SSDEEP

      786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Stealerium

      An open source info stealer written in C#, first seen in May 2022.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Renames multiple (3112) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks