asyncrat | ec17c87657c179cf67a732f1e21542bbf7ed3a1042b686118f42ec8ca61beea5 | Triage

Submit
Reports

Overview

overview

Static

static

ec17c87657...a5.exe

windows7-x64

9

ec17c87657...a5.exe

windows10-2004-x64

9

Sharing

General

Target

ec17c87657c179cf67a732f1e21542bbf7ed3a1042b686118f42ec8ca61beea5
Size

545KB
Sample

241003-jkxm1awbrg
MD5

a115478a0b50daa5f7769fdac306c4f9
SHA1

ccf4c3fb97e766825731b758a004b315ae984a85
SHA256

ec17c87657c179cf67a732f1e21542bbf7ed3a1042b686118f42ec8ca61beea5
SHA512

f849f4aa57637f48de6ee9eb1afa5f27f423222fef3e432a1e67c517211ad28619c9e8e7ed0bc26d09683c55c4685413196e9a7d6a66078662f087886307986f
SSDEEP

12288:G9vE+VF9mOx9ukEv3g6drKcXrCf/QOKx/KjWFY:+vE+V3mOGk+dddCf3klY

Score

10^/10

asyncrat stormkitty collection discovery rat spyware stealer

Static task

static1

rat asyncrat stormkitty

7 signatures

Behavioral task

behavioral1

Sample

ec17c87657c179cf67a732f1e21542bbf7ed3a1042b686118f42ec8ca61beea5.exe

Resource

win7-20240903-en

collection discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec17c87657c179cf67a732f1e21542bbf7ed3a1042b686118f42ec8ca61beea5.exe

Resource

win10v2004-20240802-en

collection discovery spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec17c87657c179cf67a732f1e21542bbf7ed3a1042b686118f42ec8ca61beea5
- Size
  
  545KB
- MD5
  
  a115478a0b50daa5f7769fdac306c4f9
- SHA1
  
  ccf4c3fb97e766825731b758a004b315ae984a85
- SHA256
  
  ec17c87657c179cf67a732f1e21542bbf7ed3a1042b686118f42ec8ca61beea5
- SHA512
  
  f849f4aa57637f48de6ee9eb1afa5f27f423222fef3e432a1e67c517211ad28619c9e8e7ed0bc26d09683c55c4685413196e9a7d6a66078662f087886307986f
- SSDEEP
  
  12288:G9vE+VF9mOx9ukEv3g6drKcXrCf/QOKx/KjWFY:+vE+V3mOGk+dddCf3klY
Score

9^/10

collection discovery spyware stealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratasyncratstormkitty

behavioral1

collectiondiscoveryspywarestealer

behavioral2

collectiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy