Extracted

• • Target

    a079cae4d890636c6efa593478a3f660N.exe

  • Size

    120KB

  • MD5

    a079cae4d890636c6efa593478a3f660

  • SHA1

    9bc58bc0f01ed32acff41d5f1252029f347d29cb

  • SHA256

    33e6321d98c24b4effb796dc13f1655138dd78aa8c51f82ffa600ce7cb056421

  • SHA512

    47cc1928c53a63c948b4369edc8dcdc51eb721ed59f6dcfd3b69814f7655a51274c58634e70a931d09113a78fca81bfb5a754d329f63634f082bb6097285b07d

  • SSDEEP

    384:bh3Z2HU/6wUNldJX7Un9NJzySa3XmIupYSgIXAnR+G:32HUcNFENJO32mRwIR

  Score

  10^/10

  asyncratstormkittydefaultcredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Async RAT payload

    rat

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2