Extracted

• • Target

    0a8fe4d8b13e9cb811bf9985b89cb0a38ee2e594e705a0b366d80e55a3d6f5a4.exe

  • Size

    210KB

  • MD5

    08adca5907849bca41a607e62864cd4a

  • SHA1

    7c7be1451cf7175923139990572470b3fceef9d7

  • SHA256

    0a8fe4d8b13e9cb811bf9985b89cb0a38ee2e594e705a0b366d80e55a3d6f5a4

  • SHA512

    00c121b25f04eba9471abfc8cdf9a63fa5fc6e991d5086cda53245315104831bcddc763d5fba6a9744bf4aaee0829484365ae2e8652c4b01639a798b981ec360

  • SSDEEP

    3072:sr85Cezj8mZw0YaeiJFqIPu/i9bVJ2cxO06+WpzIz+STW8djpN6x:k9K8mm0YmfXPSi9bDDy8XN6x

  Score

  10^/10

  asyncratneshtastormkittydefaultcredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Neshta payload

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Async RAT payload

    rat

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2