General
Target: Seed Checker ETH, BTC.rar
Size: 55.6MB
Sample: 240829-rxte4sydlr
MD5: ae857cac72705d185f759e26e9e86004
SHA1: 2714f55d8657209d946773fd84e281a0b21cc919
SHA256: eb9aed43c5e467dfc1405d4439c9a457bcdaf55e054aa63b79e30368d9fc71c7
SHA512: ecbb061550298385a695c428b73665cad085f81a4328baa88fbf270a43b033e7c2a20e45ee298a800940f6e84825b27acade5c05c75e71eb151f359de9a776c0
SSDEEP: 1572864:wBI/ySVG8cx5AQhXSOihh/Wb9wSWOXHx0JaZ:w2HVGJx2QhetWb70S
Static task: static1
Behavioral task: behavioral1
Sample: Seed Checker ETH, BTC.rar
Resource: win11-20240802-en
Malware Config (extracted)
Family: asyncrat
Config: Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6963019635:AAHntP5miIo8etbimq15Z3CfUmRmamNn_Qs/sendMessage?chat_id=5901231421
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: Seed Checker ETH, BTC.rar
Size: 55.6MB
MD5: ae857cac72705d185f759e26e9e86004
SHA1: 2714f55d8657209d946773fd84e281a0b21cc919
SHA256: eb9aed43c5e467dfc1405d4439c9a457bcdaf55e054aa63b79e30368d9fc71c7
SHA512: ecbb061550298385a695c428b73665cad085f81a4328baa88fbf270a43b033e7c2a20e45ee298a800940f6e84825b27acade5c05c75e71eb151f359de9a776c0
SSDEEP: 1572864:wBI/ySVG8cx5AQhXSOihh/Wb9wSWOXHx0JaZ:w2HVGJx2QhetWb70S
Signatures
- StormKitty payload
- Async RAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)