General

  • Target

    Seed Checker ETH, BTC.rar

  • Size

    55.6MB

  • Sample

    240829-rxte4sydlr

  • MD5

    ae857cac72705d185f759e26e9e86004

  • SHA1

    2714f55d8657209d946773fd84e281a0b21cc919

  • SHA256

    eb9aed43c5e467dfc1405d4439c9a457bcdaf55e054aa63b79e30368d9fc71c7

  • SHA512

    ecbb061550298385a695c428b73665cad085f81a4328baa88fbf270a43b033e7c2a20e45ee298a800940f6e84825b27acade5c05c75e71eb151f359de9a776c0

  • SSDEEP

    1572864:wBI/ySVG8cx5AQhXSOihh/Wb9wSWOXHx0JaZ:w2HVGJx2QhetWb70S

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6963019635:AAHntP5miIo8etbimq15Z3CfUmRmamNn_Qs/sendMessage?chat_id=5901231421

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks