General
-
Target
ChromeSetup.exe
-
Size
930KB
-
Sample
241107-yry7qsxhlr
-
MD5
de04168171981a90f56a126ec055ba19
-
SHA1
766704b6e12a7db436663eb7e287160e736979b7
-
SHA256
c891493c98f76e82e18c0e57e51b96fe8da86b086d67632e2495a793d3298bf2
-
SHA512
784f4b6954a56e2f09f3b3f1d29ae6d1ad14c814f3aad6391972654c398c68bcf7745902c368cbfcb8778f16cb33aa62210c937d48e6d8876d567fcd2a657013
-
SSDEEP
12288:lS6vgPZN3V4smWPc7H3/BPyf13SFyIz8VOHa8ASSMCFFi0mWWaos2Z8kM+:06vqtcDZPyf13WyODSMyc08aoz8kM
Malware Config
Targets
-
-
Target
ChromeSetup.exe
-
Size
930KB
-
MD5
de04168171981a90f56a126ec055ba19
-
SHA1
766704b6e12a7db436663eb7e287160e736979b7
-
SHA256
c891493c98f76e82e18c0e57e51b96fe8da86b086d67632e2495a793d3298bf2
-
SHA512
784f4b6954a56e2f09f3b3f1d29ae6d1ad14c814f3aad6391972654c398c68bcf7745902c368cbfcb8778f16cb33aa62210c937d48e6d8876d567fcd2a657013
-
SSDEEP
12288:lS6vgPZN3V4smWPc7H3/BPyf13SFyIz8VOHa8ASSMCFFi0mWWaos2Z8kM+:06vqtcDZPyf13WyODSMyc08aoz8kM
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Nightingale family
-
Nightingale stealer
Nightingale stealer is an information stealer written in C#.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-