General
-
Target
NLBruteACTIVATEOR.exe
-
Size
226KB
-
Sample
241019-qemzyaxepf
-
MD5
dbd8368aacabeb2f3007f2e41651e43e
-
SHA1
fc83221eca35d6fe5e71d12caa63d6b19fc702b5
-
SHA256
06da872afe3d9c80535c2fccdbe7054d299de1285cdf3666fa1a69a1a288c287
-
SHA512
4580870152c081843e0d6de2d6ad6a7b4b6fda017b09722720bb87c3ca790765cf355a6abf20810217085d8dc00a6fc2fe517d069214f64387ad59880a632f32
-
SSDEEP
3072:Z+STW8djpN6izj8mZw/Zf7/dFoUbBjXpW+WQwARPzjjyCYNMUL6+Wp0:m8XN6W8mm/VgUbfNBdnGd
Behavioral task
behavioral1
Sample
NLBruteACTIVATEOR.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
NLBruteACTIVATEOR.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot5787513945:AAHk4B_J3fjaWnYKNH9snbwB6zLOSTidL0E/sendMessage?chat_id=5611920321
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
NLBruteACTIVATEOR.exe
-
Size
226KB
-
MD5
dbd8368aacabeb2f3007f2e41651e43e
-
SHA1
fc83221eca35d6fe5e71d12caa63d6b19fc702b5
-
SHA256
06da872afe3d9c80535c2fccdbe7054d299de1285cdf3666fa1a69a1a288c287
-
SHA512
4580870152c081843e0d6de2d6ad6a7b4b6fda017b09722720bb87c3ca790765cf355a6abf20810217085d8dc00a6fc2fe517d069214f64387ad59880a632f32
-
SSDEEP
3072:Z+STW8djpN6izj8mZw/Zf7/dFoUbBjXpW+WQwARPzjjyCYNMUL6+Wp0:m8XN6W8mm/VgUbfNBdnGd
-
StormKitty payload
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1