General

Target: SecuriteInfo.com.HEUR.Backdoor.Win32.Agent.gen.2809.4386.exe
Size: 2.6MB
Sample: 241019-z7wbfs1gqr
MD5: 13d33a7b26b28c2fcd4508b5207df238
SHA1: 191d203c8d3bb987e900e48327f7a6c263886835
SHA256: e407bd010e2e640169a2812066864cd837b10506f01316dc2cada9ba64d99428
SHA512: 0a20d3167d09c9b461034e01906ef985f513a4f2d103dc30f687e2561acd567dc662747e56c8abe051a4cd70264909257e9992ccc9d04cc1d5e45b46768f25e9
SSDEEP: 49152:UcAlPK3HHE8IGnvZ35VMvIL9LwoqxNzO1Gfj+/CEPckJkr3EKz7kSTJWK9:9UUHjzxsvILCoBGLw0RLz7tAK9
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.HEUR.Backdoor.Win32.Agent.gen.2809.4386.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.HEUR.Backdoor.Win32.Agent.gen.2809.4386.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: SecuriteInfo.com.HEUR.Backdoor.Win32.Agent.gen.2809.4386.exe
Score: 10/10

Signatures
- StormKitty payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
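The behavioral signatures above are the kind of rules a sandbox evaluates over the event stream it records. The following Python is an added example, not code from the tria.ge report or from Triage itself: it implements a small stateful version of the six behavioral signatures listed (the StormKitty family match is a payload/config detection and is not modelled) over a constructed event log. The event shape (dicts keyed by "kind"), the field names, the registry path used for the geofence rule (HKCU\Control Panel\International\Geo\Nation) and the reading of NtCreateUserProcessOtherParentProcess as "NtCreateUserProcess called with a parent PID that is not the caller" are assumptions made for this example; the report does not publish its rule definitions.

```python
import ntpath

# Constructed sample events, NOT taken from the report. The event shape and
# field names are assumptions for this example; real sandboxes use their own.
SAMPLE_EVENTS = [
    {"kind": "registry_read", "pid": 1234,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"kind": "file_write", "pid": 1234,
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"},
    {"kind": "file_write", "pid": 1234,
     "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    # Parent PID (672) differs from the calling process (1234): PPID spoofing.
    {"kind": "process_create", "pid": 1234, "api": "NtCreateUserProcess",
     "caller_pid": 1234, "parent_pid": 672,
     "child": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"},
    {"kind": "image_load", "pid": 4321,
     "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"kind": "process_create", "pid": 4321, "api": "NtCreateUserProcess",
     "caller_pid": 4321, "parent_pid": 4321,
     "child": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /fo csv"},
]

# Assumed registry location of the configured country (GeoID); lower-cased
# because Windows paths and registry keys are case-insensitive.
GEO_KEY_SUFFIX = "\\control panel\\international\\geo\\nation"
STARTUP_MARK = "\\start menu\\programs\\startup\\"


def run_signatures(events):
    """Return {signature_name: [event indices]} for every signature that fired.

    The pass is stateful: every file written is remembered in `dropped`, so a
    later process creation or image load of that same path can be matched
    ("Executes dropped EXE" / "Loads dropped DLL").
    """
    dropped = set()
    hits = {}

    def hit(name, idx):
        hits.setdefault(name, []).append(idx)

    for i, ev in enumerate(events):
        kind = ev.get("kind")
        if kind == "registry_read":
            if ev["key"].lower().endswith(GEO_KEY_SUFFIX):
                hit("Checks computer location settings", i)
        elif kind == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if STARTUP_MARK in path:
                hit("Drops startup file", i)
        elif kind == "process_create":
            child = ev["child"].lower()
            # Parent handle supplied via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
            # shows up as a parent PID that is not the process making the call.
            if ev.get("api") == "NtCreateUserProcess" and ev.get("parent_pid") != ev.get("caller_pid"):
                hit("Suspicious use of NtCreateUserProcessOtherParentProcess", i)
            if child in dropped and child.endswith(".exe"):
                hit("Executes dropped EXE", i)
            if ntpath.basename(child) == "tasklist.exe":
                hit("Enumerates processes with tasklist", i)
        elif kind == "image_load":
            path = ev["path"].lower()
            if path in dropped and path.endswith(".dll"):
                hit("Loads dropped DLL", i)
    return hits


if __name__ == "__main__":
    for name, idxs in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: events {idxs}")
```

The order of events matters: a DLL load that precedes the write of the same path is not a "dropped DLL" load, which is why the drop set is built as the stream is walked rather than from a pre-pass. A real rule set would also normalise 8.3 short names and NT-style paths (\Device\HarddiskVolume…) before comparing them, which this example omits.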