Overview

overview

10

Static

static

1

Samsung_Jo...df.lnk

windows7-x64

8

Samsung_Jo...df.lnk

windows10-2004-x64

10

Samsungwork.bin

windows7-x64

3

Samsungwork.bin

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb43edc52b7358dd993e2e6343ae4f59492e4b95651ed7877e17da1f5d214ba6.ZIP

  • Size

    47.7MB

  • Sample

    241128-n5sa8ssnbj

  • MD5

    cf97364f1550c9a52e9f87f3ddf2c4ed

  • SHA1

    5d22f99277f4b42605abee708fd265251926e27d

  • SHA256

    eb43edc52b7358dd993e2e6343ae4f59492e4b95651ed7877e17da1f5d214ba6

  • SHA512

    8489ab75ed667fd75b12df3b789141bd79e4a4be8a21a968789e912c09dc7df5648d32327d7cf75aa5bacfaa205e77f2801216e30f987a059399d83459f56e61

  • SSDEEP

    96:TRTzsPp+6DAMgXHeG/gPksN9z3CrM3A2dHvmTU2birCWxXJsf+ONOBl3xug5WNUK:NsRD4XakQx3CrMQ4miDZO+OOfADX

Score
10/10
asyncratstormkittydefense_evasiondiscoveryexecutionpersistenceratstealer

Malware Config

Targets

    • Target

      Samsung_Job_Application_Document.pdf.lnk

    • Size

      47.7MB

    • MD5

      c2dbb808a94f755506367a63757d3007

    • SHA1

      9dc8794486160c1b282f50b1e2aa234c77c17c84

    • SHA256

      b55282e00322a4e28d888c1c252218251366f45639ba5212829e4b3d25dbc50e

    • SHA512

      c59e52c3b7b74ab5b88d7a8b17a8c8aaaf3aaf9af07dd838d6b785442fef4811e1c01f4aa136e0eef631bce636b9fa652a12a968aa3114d03d911557658370e9

    • SSDEEP

      24:8DiJ6Kx96xxuJB5J+/ZehoCiyng48HGbuOk6OYuOdZqddqVRVXuHYSJmrS:8DhKzhJPQ+oAg6SOHOxOdkd0tXuHdJ2

    Score
    10/10
    executionasyncratstormkittydefense_evasiondiscoverypersistenceratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Stormkitty family

      stormkitty

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Samsungwork.bin

    • Size

      22KB

    • MD5

      af7eb8652daecaa96592c6de8992c154

    • SHA1

      a599e26cce6a65f06d6bb44a0d40c34c540e64fd

    • SHA256

      a116b3ab66c8df39a7ed1562bc4c8c479bdbfd2baeb5529eace426be69e4cdb5

    • SHA512

      d8169b471eec243610febf5255f84b5f3bd4c0078325852ea939d661c6caa6db9713a50a5ef0e30c9de1ae4ca2b8c3911a98ccd57b70ec8e7c103cc0a5aa8cac

    • SSDEEP

      96:oZS0VWxJyk2q1m5Za4v7FXHF/zPnHQpf4uMXNQ6YXx51FNIRD4G8ZYlIhOsKRDRI:oYMMI5ZTFLPHQiuMyzx5QvsKRDRyX

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks