Extracted

• • Target

    Keymaker-TechABlack/KeyGeneratot Bandicam @blackhatmonk.exe

  • Size

    478KB

  • MD5

    26ca012f7b29271c97137f0cd8e5d421

  • SHA1

    022f1bf2c46287b04e15ef9a45c052a04aa829fc

  • SHA256

    9d86929933b6db00851752741de5cf41dc509a79a1a78150d02ba62eaecbc8da

  • SHA512

    97607ba7f790e73111332b08f462ec594a44fffafcd75bc334232254addbf2e1cfce749a7d802873941b68ccf03c1a939f547e9fcb7fcbea24317bba900c3a9d

  • SSDEEP

    6144:7m/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvNmL76PMVrL+b4pbIImpR:7m/Q6P8j/svm1TXI5tZB1L759pX

  Score

  10^/10

  asyncratstormkittydefaultcollectiondiscoveryratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1