General
-
Target
720b2d599314eaf90cd60038f7e7d2e8.exe
-
Size
175KB
-
Sample
240804-p6cslswajq
-
MD5
720b2d599314eaf90cd60038f7e7d2e8
-
SHA1
76592e0a64b599fbb49d006faa2de4211dd79834
-
SHA256
ea520d8e6ca1d44593f26ceea349d55709ebd61565f67368947d38e484f5846f
-
SHA512
eb5a2bc7cd470697cc3613edd51d3af9c4d64f05a71297a6b00c5137956bf269a62253fd60e7b994a750e3cc9eb44dae4275d10dd1356b4ea6140b16b2ab74e2
-
SSDEEP
3072:Ie8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gThwARE+WpCc:c6ewwIwQJ6vKX0c5MlYZ0b2+
Behavioral task
behavioral1
Sample
720b2d599314eaf90cd60038f7e7d2e8.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
720b2d599314eaf90cd60038f7e7d2e8.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6082381502:AAGYF_HaZVw7ziBPxYHyd8WNo0uQbAM7fiU/sendMessage?chat_id=5795480469
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
720b2d599314eaf90cd60038f7e7d2e8.exe
-
Size
175KB
-
MD5
720b2d599314eaf90cd60038f7e7d2e8
-
SHA1
76592e0a64b599fbb49d006faa2de4211dd79834
-
SHA256
ea520d8e6ca1d44593f26ceea349d55709ebd61565f67368947d38e484f5846f
-
SHA512
eb5a2bc7cd470697cc3613edd51d3af9c4d64f05a71297a6b00c5137956bf269a62253fd60e7b994a750e3cc9eb44dae4275d10dd1356b4ea6140b16b2ab74e2
-
SSDEEP
3072:Ie8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gThwARE+WpCc:c6ewwIwQJ6vKX0c5MlYZ0b2+
-
StormKitty payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1