Overview

overview

10

Static

static

3

RebelCracked.exe

windows7-x64

10

RebelCracked.exe

windows10-2004-x64

10

Resubmissions

01-10-2024 19:23

241001-x3tkyszekh 10

01-10-2024 19:14

241001-xxtc1awdmj 10

30-09-2024 22:07

240930-11v8jsxdnm 10

30-09-2024 21:59

240930-1wfmas1crg 10

30-09-2024 20:26

240930-y8bg1atepl 10

26-09-2024 20:34

240926-zcgvkszbmg 10

26-09-2024 19:28

240926-x6rkrstfrr 10

26-09-2024 19:21

240926-x2mq1swhnh 10

26-09-2024 19:20

240926-x19jdstdpl 10

25-09-2024 21:15

240925-z4dx1a1elf 10

Analysis

  • max time kernel
    2s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-10-2024 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RebelCracked.exe

  • Size

    344KB

  • MD5

    a84fd0fc75b9c761e9b7923a08da41c7

  • SHA1

    2597048612041cd7a8c95002c73e9c2818bb2097

  • SHA256

    9d9a79f4ae9bf7a992945f6c06c5bec642c05e4e828217c50255dabfa3677006

  • SHA512

    a17f1144a0e3ce07c7ed6891987c5b969f291e9991442c33750028d35e2194794e8a649c397e8afc9f8ce19d485c453600c75cab4fcead09e38414d85819251a

  • SSDEEP

    6144:lOcpeK8lucxAtLNFHUVuI/2zj1z6jZ755NofmWx4PCQL23wBw7R0ljTwrVuAdJKp:QcpSnx0LNFDQ60Ntbo5d7gBw7R7rbdJk

Score
10/10
asyncratstormkittydefaultratstealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\RebelCracked.exe
    "C:\Users\Admin\AppData\Local\Temp\RebelCracked.exe"
    1⤵
      PID:2492
      • C:\Users\Admin\AppData\Local\RuntimeBroker.exe
        "C:\Users\Admin\AppData\Local\RuntimeBroker.exe"
        2⤵
          PID:484
          • C:\Users\Admin\AppData\Local\RuntimeBroker.exe
            "C:\Users\Admin\AppData\Local\RuntimeBroker.exe"
            3⤵
              PID:2660
          • C:\Users\Admin\AppData\Local\Temp\RebelCracked.exe
            "C:\Users\Admin\AppData\Local\Temp\RebelCracked.exe"
            2⤵
              PID:2324

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\RuntimeBroker.exe
            Filesize

            330KB

            MD5

            75e456775c0a52b6bbe724739fa3b4a7

            SHA1

            1f4c575e98d48775f239ceae474e03a3058099ea

            SHA256

            e8d52d0d352317b3da0be6673099d32e10e7b0e44d23a0c1a6a5277d37b95cf3

            SHA512

            b376146c6fa91f741d69acf7b02a57442d2ea059be37b9bdb06af6cc01272f4ded1a82e4e21b9c803d0e91e22fc12f70391f5e8c8704d51b2435afc9624e8471

            Download Submit

          • memory/484-11-0x0000000000AB0000-0x0000000000B08000-memory.dmp

            Filesize

            352KB

            Download

          • memory/484-13-0x0000000000310000-0x000000000031A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/484-12-0x00000000003C0000-0x000000000040A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/2324-9-0x000007FEF5BE0000-0x000007FEF65CC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2492-10-0x000007FEF5BE0000-0x000007FEF65CC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2492-0-0x000007FEF5BE3000-0x000007FEF5BE4000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2492-7-0x000007FEF5BE0000-0x000007FEF65CC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2492-1-0x0000000000800000-0x000000000085C000-memory.dmp

            Filesize

            368KB

            Download

          • memory/2660-21-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2660-28-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2660-26-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2660-24-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2660-23-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2660-19-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2660-17-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/2660-15-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download