General
-
Target
aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90.exe
-
Size
175KB
-
Sample
241126-dlalzaxpcm
-
MD5
ca2797a0546811e8c96734ea7d4971bb
-
SHA1
b62dbb4d79ef0e946131124274af13bf93c96803
-
SHA256
aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90
-
SHA512
ccd1c1b827e57e6859b09af3e359a2fbdbdddf2d8da9af0f420ffc7f1306653d45d77397a1eb367b3104c1cd961a7fbb8d44a3b13de28dfc7327480dcc6a179a
-
SSDEEP
3072:Ne8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTIwARE+WpCcN:R6ewwIwQJ6vKX0c5MlYZ0b2Js
Behavioral task
behavioral1
Sample
aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90.exe
-
Size
175KB
-
MD5
ca2797a0546811e8c96734ea7d4971bb
-
SHA1
b62dbb4d79ef0e946131124274af13bf93c96803
-
SHA256
aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90
-
SHA512
ccd1c1b827e57e6859b09af3e359a2fbdbdddf2d8da9af0f420ffc7f1306653d45d77397a1eb367b3104c1cd961a7fbb8d44a3b13de28dfc7327480dcc6a179a
-
SSDEEP
3072:Ne8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTIwARE+WpCcN:R6ewwIwQJ6vKX0c5MlYZ0b2Js
-
Asyncrat family
-
StormKitty payload
-
Stormkitty family
-
A potential corporate email address has been identified in the URL: WorldWindProResultsDate2024112630524AMSystemWindows10Pro64BitUsernameAdminCompNameYLFOGIOELanguageenUSAntivirusNotinstalledHardwareCPU12thGenIntelRCoreTMi512400GPUMicrosoftBasicDisplayAdapterRAM16154MBHWIDUnknownPowerNoSystemBattery1Screen1280x720NetworkGatewayIP10.127.0.1InternalIP10.127.1.54ExternalIP181.215.176.83BSSID1acd5d41dbb4DomainsinfoBankLogsNodataCryptoLogsNodataFreakyLogsNodataLogsBookmarks5SoftwareDeviceWindowsproductkeyDesktopscreenshotFileGrabberDatabasefiles6TelegramChannel@XSplinter
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1