General
-
Target
flash paypal.exe
-
Size
175KB
-
Sample
240831-y3p37stclf
-
MD5
0d421a91631c3c2cae6533bd32e2e595
-
SHA1
9113e54ec2b864a4845cb14930aa60666e1a596a
-
SHA256
e1df166da9ba07ad1a5b1a105eac585f04ea67a023cca16f54bdbfa97bb39dd2
-
SHA512
1d677726303cb667c01d8d340f5632667c1929dd5965e7008eab2d1755a02823cff1f583ece6987085ed1eb28429afa2592e5f0b6b63a3bb8e9c17d77c69d8ad
-
SSDEEP
3072:Ue8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTIwAqE+Wpor:9Xtb5KcXr7XmfgqtjhAxZ0b2h
Behavioral task
behavioral1
Sample
flash paypal.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
flash paypal.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6381067446:AAEZEWH8wbF7Q1Kou81_S0sE6VwJZGJKneM/sendMessage?chat_id=5901231421
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
flash paypal.exe
-
Size
175KB
-
MD5
0d421a91631c3c2cae6533bd32e2e595
-
SHA1
9113e54ec2b864a4845cb14930aa60666e1a596a
-
SHA256
e1df166da9ba07ad1a5b1a105eac585f04ea67a023cca16f54bdbfa97bb39dd2
-
SHA512
1d677726303cb667c01d8d340f5632667c1929dd5965e7008eab2d1755a02823cff1f583ece6987085ed1eb28429afa2592e5f0b6b63a3bb8e9c17d77c69d8ad
-
SSDEEP
3072:Ue8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTIwAqE+Wpor:9Xtb5KcXr7XmfgqtjhAxZ0b2h
-
StormKitty payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1