Extracted

• • Target

    Infected.exe

  • Size

    63KB

  • MD5

    9efaf6b98fdde9df4532d1236b60619f

  • SHA1

    5d1414d09d54de16b04cd0cd05ccfc0692588fd1

  • SHA256

    7c8a5e6cf4e451d61157e113f431a1f3e606fba0e7147ffa9a8f429cb60e47d6

  • SHA512

    eabc2c58a7b2d636f13b149199f2dc943c4af3296c5a4605b72293294a449a2ea8da432238748ca2fb69fb944a31ac6fae7e5310cdc57609e5955f62b71e812d

  • SSDEEP

    768:PHMvlKazXYN78NwC8A+XuqazcBRL5JTk1+T4KSBGHmDbD/ph0oXtKnk+SusdpqKX:EtTXA9dSJYUbdh9dJusdpqKmY7

  Score

  10^/10

  asyncratstealeriumstormkittydefaultcollectiondiscoveryexecutionpersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium

  • Stealerium family

    stealerium

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Command and Scripting Interpreter: PowerShell

    Start PowerShell.

    execution
  behavioral1