General

Target: WorldWindClient.exe
Size: 588KB
Sample: 240916-tz34faxfle
MD5: a2d1840cfa3df456937d0d5f43f07695
SHA1: aa1ae2e029179ce1931e52b48434489ec8cd283e
SHA256: d21e6d6a03bc1c9de431bf576de0a6badc7aff0adbac35689564479ffda42d05
SHA512: c123ad0b56bb78e329db6320f19e022bdb1175ed8145dc94cdf1dc1249b08d5f6b682d282ef9c4164cc17101687284532aeba6a9c01f012d9f4ebfab2b79d059
SSDEEP: 3072:i+SDW8djpN6izj8mZwICSjs5sSGmUbBES93MoUU4lCfeucmfL6+Wp7FiIhCQ:v8XN6W8mmIW/UbVQULfeamiIhC
Behavioral task: behavioral1
Sample: WorldWindClient.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: WorldWindClient.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted family: asyncrat
Config name: Default
C2 hosts:
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets

Target: WorldWindClient.exe
Size: 588KB
MD5: a2d1840cfa3df456937d0d5f43f07695
SHA1: aa1ae2e029179ce1931e52b48434489ec8cd283e
SHA256: d21e6d6a03bc1c9de431bf576de0a6badc7aff0adbac35689564479ffda42d05
SHA512: c123ad0b56bb78e329db6320f19e022bdb1175ed8145dc94cdf1dc1249b08d5f6b682d282ef9c4164cc17101687284532aeba6a9c01f012d9f4ebfab2b79d059
SSDEEP: 3072:i+SDW8djpN6izj8mZwICSjs5sSGmUbBES93MoUU4lCfeucmfL6+Wp7FiIhCQ:v8XN6W8mmIW/UbVQULfeamiIhC
Signatures

- StormKitty payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation information.
MITRE ATT&CK Enterprise v15

Tactic: Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)