Extracted

• • Target

    Numifyv3CrackedbySpArtOr.exe

  • Size

    1.7MB

  • MD5

    9367e0761d4373058b2393bfef4d6152

  • SHA1

    9dafb96154407397032cc33e1bdc48386b382651

  • SHA256

    b3168e2d3722135e86a89e98cf1a4818ecc6ba49617ab918651b1fc73cc7aa2c

  • SHA512

    a356778004fa607ef38085fb56263bf018f8382e20eef0451f0029dd7bea0d81604e0b575696c89e27f4d6ca04c94a54d028d8979f59cd67caae64b08c4c5172

  • SSDEEP

    12288:M4eMCTWwx/bV8vrzRVRR+4jVPv8SO13uo9RyAA2omknabab8pdHbaZ3VzCOG+40:MLZ8vrzRVRRFjJv8SO1KAA2omNDUGY

  Score

  10^/10

  asyncratneshtastormkittydefaultcredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Neshta payload

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Async RAT payload

    rat

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2