General

  • Target

    b3e3a88f9cb278546154087f76d8a2d55750592733b3e4d01c757f75972fa83c

  • Size

    170KB

  • Sample

    241128-c43vss1qbz

  • MD5

    75d9913194a42bcaf3c1d33167ab584f

  • SHA1

    6c77a871e5c67f265ed5c7c0df7ebb63ba0d7da8

  • SHA256

    b3e3a88f9cb278546154087f76d8a2d55750592733b3e4d01c757f75972fa83c

  • SHA512

    aace4ee38e7343515937c1586e5b41b299e2299b402e5f41bdca544a6afdbb54bd539a3f4472969163e138d6df5f63c67fe955b2c9c271545b3f19c92cdba383

  • SSDEEP

    3072:2+STW8djpN6izj8mZwNVOHq0HyKqIPu/C9bcJ2cKPfV76+WpT:L8XN6W8mm/eHXPSC9b4MV

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7734385742:AAHKSj_7Tq8Z69W2PH2MrHKyblq4d4tM3vE/sendMessage?chat_id=7571391032

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • aes.plain

    fTgCfu1pizrAdePdA11mS0i7KiE2UKgc

Targets

    • Target

      b3e3a88f9cb278546154087f76d8a2d55750592733b3e4d01c757f75972fa83c

    • Size

      170KB

    • MD5

      75d9913194a42bcaf3c1d33167ab584f

    • SHA1

      6c77a871e5c67f265ed5c7c0df7ebb63ba0d7da8

    • SHA256

      b3e3a88f9cb278546154087f76d8a2d55750592733b3e4d01c757f75972fa83c

    • SHA512

      aace4ee38e7343515937c1586e5b41b299e2299b402e5f41bdca544a6afdbb54bd539a3f4472969163e138d6df5f63c67fe955b2c9c271545b3f19c92cdba383

    • SSDEEP

      3072:2+STW8djpN6izj8mZwNVOHq0HyKqIPu/C9bcJ2cKPfV76+WpT:L8XN6W8mm/eHXPSC9b4MV

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks
