General
-
Target
WinRAR 7.01 Pro.exe
-
Size
4.3MB
-
Sample
240813-yhhtdsxelk
-
MD5
1c8908102946928867ab16f2007b35cc
-
SHA1
7e08b98299e0195a013e53221e3c2efb149eb4ce
-
SHA256
e3635b82438e536636955e2fee251073b1038a7e00295a1e0efb003ad49965d5
-
SHA512
a559caedc7b00da23cb18607d0f2f05c6954a949dff0c8a4c25f6353163b70fd16722728878bb87c9db5cff86dc0252f967ebc26a66cb975af85f1361372a734
-
SSDEEP
98304:DaxGFtNdBfKEgzVQYAO52weo3VudIlHSTNWA0rkjEaxKd:DRdytzAO52wLVu2oBWv7t
Static task
static1
Behavioral task
behavioral1
Sample
WinRAR 7.01 Pro.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
WinRAR 7.01 Pro.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot5912059723:AAEvmpZvnGHJALjBBXk_PBuStnzDRsTe4-M/sendMessage?chat_id=750182271
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
WinRAR 7.01 Pro.exe
-
Size
4.3MB
-
MD5
1c8908102946928867ab16f2007b35cc
-
SHA1
7e08b98299e0195a013e53221e3c2efb149eb4ce
-
SHA256
e3635b82438e536636955e2fee251073b1038a7e00295a1e0efb003ad49965d5
-
SHA512
a559caedc7b00da23cb18607d0f2f05c6954a949dff0c8a4c25f6353163b70fd16722728878bb87c9db5cff86dc0252f967ebc26a66cb975af85f1361372a734
-
SSDEEP
98304:DaxGFtNdBfKEgzVQYAO52weo3VudIlHSTNWA0rkjEaxKd:DRdytzAO52wLVu2oBWv7t
-
StormKitty payload
-
Async RAT payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1