Overview

overview

10

Static

static

10

Test Stealer.exe

windows7-x64

10

Test Stealer.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Test Stealer.exe

  • Size

    175KB

  • Sample

    240917-nje4sazhqj

  • MD5

    2b48f7b259b005b2e631220ac8438384

  • SHA1

    23aa16c5d9ac21f7290124bf7fc70e5e64289990

  • SHA256

    c0f50dd8b7b2d1dc771405942bebb47f463b6bf428bfaa176f7eb53c05acbfcb

  • SHA512

    613eedb1346969d90706f9286942f99adc549dbc8b737050011e26fa9f2a8594f7b5dcf0d67b2b2a030d9865a2e7282b6a09a13dd8bd312dfa207fdf2fd3bc77

  • SSDEEP

    3072:ke8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTewARE+WpCc:A6ewwIwQJ6vKX0c5MlYZ0b2z

Score
10/10
asyncratstormkittydefaultcredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7412483830:AAFGRNGOBPOLpANH2aByksFYaKxn8jo5hnQ/sendMessage?chat_id=5499271096
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Test Stealer.exe

    • Size

      175KB

    • MD5

      2b48f7b259b005b2e631220ac8438384

    • SHA1

      23aa16c5d9ac21f7290124bf7fc70e5e64289990

    • SHA256

      c0f50dd8b7b2d1dc771405942bebb47f463b6bf428bfaa176f7eb53c05acbfcb

    • SHA512

      613eedb1346969d90706f9286942f99adc549dbc8b737050011e26fa9f2a8594f7b5dcf0d67b2b2a030d9865a2e7282b6a09a13dd8bd312dfa207fdf2fd3bc77

    • SSDEEP

      3072:ke8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTewARE+WpCc:A6ewwIwQJ6vKX0c5MlYZ0b2z

    Score
    10/10
    asyncratstormkittydefaultcredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks