General

  • Target

    aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90.exe

  • Size

    175KB

  • Sample

    241126-dlalzaxpcm

  • MD5

    ca2797a0546811e8c96734ea7d4971bb

  • SHA1

    b62dbb4d79ef0e946131124274af13bf93c96803

  • SHA256

    aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90

  • SHA512

    ccd1c1b827e57e6859b09af3e359a2fbdbdddf2d8da9af0f420ffc7f1306653d45d77397a1eb367b3104c1cd961a7fbb8d44a3b13de28dfc7327480dcc6a179a

  • SSDEEP

    3072:Ne8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTIwARE+WpCcN:R6ewwIwQJ6vKX0c5MlYZ0b2Js

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90.exe

    • Size

      175KB

    • MD5

      ca2797a0546811e8c96734ea7d4971bb

    • SHA1

      b62dbb4d79ef0e946131124274af13bf93c96803

    • SHA256

      aee2aa11f6035fd4ffa55099d0da2e01affd08e57aab1947a2ac6f641659cd90

    • SHA512

      ccd1c1b827e57e6859b09af3e359a2fbdbdddf2d8da9af0f420ffc7f1306653d45d77397a1eb367b3104c1cd961a7fbb8d44a3b13de28dfc7327480dcc6a179a

    • SSDEEP

      3072:Ne8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTIwARE+WpCcN:R6ewwIwQJ6vKX0c5MlYZ0b2Js

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • A potential corporate email address has been identified in the URL: WorldWindProResultsDate2024112630524AMSystemWindows10Pro64BitUsernameAdminCompNameYLFOGIOELanguageenUSAntivirusNotinstalledHardwareCPU12thGenIntelRCoreTMi512400GPUMicrosoftBasicDisplayAdapterRAM16154MBHWIDUnknownPowerNoSystemBattery1Screen1280x720NetworkGatewayIP10.127.0.1InternalIP10.127.1.54ExternalIP181.215.176.83BSSID1acd5d41dbb4DomainsinfoBankLogsNodataCryptoLogsNodataFreakyLogsNodataLogsBookmarks5SoftwareDeviceWindowsproductkeyDesktopscreenshotFileGrabberDatabasefiles6TelegramChannel@XSplinter

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks