General
Target: AstroExecutor-main.zip
Size: 9.7MB
Sample: 240802-rkpamasbqh
MD5: da16ee9fc5ef6ad48e876d404c206440
SHA1: f48e047fd0018b6853e661dd26dfe2df907c17c7
SHA256: 3c406098264b3337989564f94c1b07d3409919a549b4af6b90eecb341c2bef28
SHA512: 8f5cc5c5abce9ebcbe67f7f0e1f286272f17252e6409bdd8318a6f30596dddaaa7dadbdf8032f3503ebcdc39be39b1b1eccbe1a9616ea601a859083317764fc4
SSDEEP: 196608:TjyeQBeBBhOmSA4KdKWwzYiimaA/bRYWHVxDD7qBeHfRsUiIH5g:TjTXPSxKB+VVSYVxL6eyk5g
Static task: static1
Behavioral task: behavioral1
  Sample: AstroExecutor/AstroSetup.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: AstroExecutor/AstroSetup.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: AstroExecutor/AstroSetup.exe
Size: 24.7MB
MD5: 0144c29e294516dd4817e78723b105b0
SHA1: 12daa32f6091a8c07af038b73b83a8502e529162
SHA256: d96602b90eb37f39d4267e58d500dedd0d7f09ccb7103b6965507c3389cfa942
SHA512: 87120e1f2cd54fc8e6d500b6b56929e7af2f3d642e3f6fe19be8f699b52b9d7f68306c3a90e20e2842b9bbee126b39d68bc43dae28cbfc0636cd48dbedc025bf
SSDEEP: 393216:3/CDSlpjG+u6fb+SJ8aqq1CPwDvt3uFhCdFe9XbNs4eBM609nFpu:36DSlpjdgnFpu
Score: 9/10
Signatures
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
Executes dropped EXE
Loads dropped DLL
Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.