Overview

overview

10

Static

static

10

73a9d400ec...cN.exe

windows7-x64

10

73a9d400ec...cN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73a9d400ec036c13aa98264260f3a591c7c5cf2dcfe4aef291a80d7342cb5f7cN.exe

  • Size

    175KB

  • Sample

    240926-gw3x2s1hjk

  • MD5

    5f4cf7b1c93914ded1b3b03640206860

  • SHA1

    4be601b30207dce8a1c2d9ac555a00cf5f4b0277

  • SHA256

    73a9d400ec036c13aa98264260f3a591c7c5cf2dcfe4aef291a80d7342cb5f7c

  • SHA512

    c3fcab7376ef6d8ebecfd05ea995b7af1c2474480ff7051d4352ba1990c5d4e7758cb4545027d0ce4db26b1e6d879ae2a3733087b01ba81f68d33cd448e7d600

  • SSDEEP

    3072:ue8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTbwARE+WpCc:m6ewwIwQJ6vKX0c5MlYZ0b2Y

Score
10/10
asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratspywarestealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7537463894:AAGxsWFkyCCrHoRdX2EGTdU3KBp_dxGYxOg/sendMessage?chat_id=6753323467
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      73a9d400ec036c13aa98264260f3a591c7c5cf2dcfe4aef291a80d7342cb5f7cN.exe

    • Size

      175KB

    • MD5

      5f4cf7b1c93914ded1b3b03640206860

    • SHA1

      4be601b30207dce8a1c2d9ac555a00cf5f4b0277

    • SHA256

      73a9d400ec036c13aa98264260f3a591c7c5cf2dcfe4aef291a80d7342cb5f7c

    • SHA512

      c3fcab7376ef6d8ebecfd05ea995b7af1c2474480ff7051d4352ba1990c5d4e7758cb4545027d0ce4db26b1e6d879ae2a3733087b01ba81f68d33cd448e7d600

    • SSDEEP

      3072:ue8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTbwARE+WpCc:m6ewwIwQJ6vKX0c5MlYZ0b2Y

    Score
    10/10
    asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks