General

  • Target

    Cryos Woofer.exe

  • Size

    3.2MB

  • Sample

    241207-xma4nsyldt

  • MD5

    2129b89ba0537555b185f6fb819c0693

  • SHA1

    008c94d1dc3bcf3ae3ce4c735fad94f810b844b8

  • SHA256

    b250a8cb9042a96d90850ef165b43cd50624878916ab0dd259a577032912e055

  • SHA512

    005b4155242b4711b07e34f1435a6e7268d5d3217a44f99df6137280647d2673a078ea0d8e1f8ba192a2209777cf2ad0dc960373cceda11be0b4ecf36fc2048b

  • SSDEEP

    98304:t2BvT8knglXKHw6ub2NQOtmnuu4Yv21O5PEsOPR:t2ZYPGPzQ0muu4Yv/PROPR

Targets

    • Target

      Cryos Woofer.exe

    • AsyncRAT

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • AsyncRAT family

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • StormKitty family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up the Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

    • Target

      .data

    • Size

      512B

    • MD5

      77f0839f8ebea31040e462523e1c770e

    • SHA1

      14806c91c6a06fe4fcb02a8a823ae334457cbdb6

    • SHA256

      c56f910b6057a45fbe5062083358ecddf9e603cdb2f2152a95fe80bdc22a4461

    • SHA512

      1d189125d7bd76d44b169e0885d514f99472c36ca6ceaaa8948bd54861c524b65df00a1cd25d24f7376c0aa4405cc2c139b01d71f6c7633a9218de9760d7892c

    • Score

      3/10

    • Target

      .rdata

    • Size

      11KB

    • MD5

      cca1ca3fbf99570f6de9b43ce767f368

    • SHA1

      63635b36bd655a189c82d2a8b32e42aa99f985de

    • SHA256

      05ee265c710ebb6c1280fccc249bbbacf24097d01bc4f9621c554726a40742f3

    • SHA512

      c0e0c39a80eaa282a5effe0aa76441c7740129024a13dc198ec0d79744a94b82e3f064d63a9e551152c404b592effe3fa3a2cec4da12a9a912137585fbf4a832

    • SSDEEP

      192:xBR1IorPNhxjQFOEopX7Bq343py7JRWVS7yWymPn:HRiaPblQFKnq343pwrWVaymPn

    • Score

      3/10

    • Target

      .reloc

    • Size

      4KB

    • MD5

      e275d2f2acbfadbc49b7b9d5b65bb5e8

    • SHA1

      65698472e4f23daaae7edfc2b0cca909cc7c994a

    • SHA256

      c0f2609888bf7025ef7fe714702f6ab02401f3b72cc5e20d100154ec1f08dc32

    • SHA512

      a7a2f2604c3a0d16d8bb55d16c80296915a46c2289b826fe6459a818d006d0ac6befc0c33a7141ff73239b07851fb043c3594d3ed2e63677c6285ae716bea0e7

    • Score

      3/10

    • Target

      .rsrc/DIALOG/105

    • Size

      256B

    • MD5

      3409f314895161597f3c395cc5f65525

    • SHA1

      1a99d016d65e567f24449d9362afb6ac44006d0b

    • SHA256

      fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96

    • SHA512

      f3e7394fa49325a7ea46728b77a5e819e18d63049d54c6adf36d08619709484f8bbd20206416d3c1440bd70632d99d9a45f3488482353f90aa21aa6ee3915427

    • Score

      1/10

    • Target

      .rsrc/DIALOG/106

    • Size

      284B

    • MD5

      2d12c45dc2c029044aaff357141cb900

    • SHA1

      083db861ab3c7db23c6257878296e73a89a74b8b

    • SHA256

      69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729

    • SHA512

      a50dcf605a914f0a6f94b3f815be159c2b729d005a25d6cc9120c4d34445cae2d0b20df3dbdc7672f316010c6a47079265548a1ed5a523896963b1a3ddf98a17

    • Score

      1/10

    • Target

      .rsrc/DIALOG/111

    • Size

      96B

    • MD5

      6be4e1387d369cf86e68eacbdd0e81dd

    • SHA1

      351970fe2681b9b35b5d59ad052011ed96a96e17

    • SHA256

      85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0

    • SHA512

      b81b287de73282cc5a7337559fbce5af01d1a440f04ee97c6a8e1de0c787ef38936c951b802014b841fc517fe7f2b916266dc8c35cd5de1ad0c630dc2218fa81

    • Score

      1/10

    • Target

      .rsrc/GROUP_ICON/103

    • Size

      34B

    • MD5

      86f716a0e53ff885f28e5573100f3a9d

    • SHA1

      c58127cc5da3d24db18219dc2943bc3a71a97eea

    • SHA256

      bfd576c3aaa9aa658ac279da62c727e6f37943496b01aab888d8ce224a3ae0ad

    • SHA512

      97ca50c871554751382c7974c6e4042e6c1436c3a290f4940c221b2a1ab5c09e721922fb6086b00097d13313243bc65fd8756694f3430c45520658ba86d71246

    • Score

      1/10

    • Target

      .rsrc/ICON/1

    • Size

      19KB

    • MD5

      a38bda9d36b4da2cf4eea2a916ed6608

    • SHA1

      7d45018c942e069a4615818ee176943061e648c9

    • SHA256

      0654edf6c4187af501d1a6d8360089aae8da93214ccf3bb5a3dfb5a583dd3888

    • SHA512

      dc82e42e475003916caa0eec77fc0da819134244de9b7f418b60c6925a5b7dbe2861cde84efb3bab323470976b77a378a866505530f669d376f69b354ae48ce7

    • SSDEEP

      384:Me16dG0t2rVqDNWQdKKJoJ1TiJJQEZMtVm9M2hBEbb0tCx9n8bW4:V1oG0t2r/Uk1Ti4EZXhWf0cx9g

    • Score

      3/10

    • Target

      .rsrc/ICON/2

    • Size

      3KB

    • MD5

      41e01a7887ec7b2740c5837f2c3da0c6

    • SHA1

      b85ce3d2b8d99782915bc1cf0f279e5cd104eda6

    • SHA256

      179f6c4d48691e6e99ab9905d2390f80c7ec86575886897b52c1f1413440808c

    • SHA512

      452d8896a94427094b399fcf7dff288580d08613378f7958fb4d24d88ff1673052259c8d32cd13600d386292096b62d6f3a5b624ee331c359cbf3d2fc0752ea0

    • Score

      3/10

    • Target

      .rsrc/MANIFEST/1

    • Size

      726B

    • MD5

      8ac7761540a25f0e446671e95051ad9d

    • SHA1

      dc2cbe444228a356272452dcda6a5f4f58bec4f7

    • SHA256

      46e35d3bb4e0d1dd59f3321fa8b908e7202b9bdf70151f941d58f9bee9c0ba67

    • SHA512

      7375e939af102200af9facde9a02296f074f06ca0e155b763f51f0bf0c41b66140d6eceaf720194650cb3bd4e5376d94a36bc9fc42fccdb1942894b9d13a1a93

    • Score

      1/10

    • Target

      .text

    • Size

      29KB

    • MD5

      419d4e1be1ac35a5db9c47f553b27cea

    • SHA1

      81b88fd425125756d41fada07ae1534b10c43c01

    • SHA256

      97e6da0d74b3c02e39efeb02c6f019b353e9891a3ea453f2fa0ecca3c3e526e2

    • SHA512

      17fea0a8c963ec9a6bdc562de750a4f8f527f2555f02d9df88b4e9ad41bdbd7fc37c0a303562f4834c195b485cc61284b6e19723bb376c23e08642884b70c121

    • SSDEEP

      768:JsGPXyrvq/Sb6LbQ7eM468vxRu1rnd6ffMmKZS/5hK9G3/2o9+4gn:WGarUa6LowvuhdNYh2Gf9rg

    • Score

      3/10

    • Target

      CERTIFICATE

    • Size

      24KB

    • MD5

      e0a2ccfbe2161ac4d6627223c4b8ac2f

    • SHA1

      bdc92256d6f441338ce1ef60d69c93b02194fdc5

    • SHA256

      053fa327193f853ee22d3432eda54a3145be9de2a7233303b74f7e0629ed8e16

    • SHA512

      f2f9577894eb364597ff3308757dd8652083aeadda3dbd8dde103ab7fc3f2ec741da9d8cd3f6746fc6c82ae53edebb102cbd83b97c652e2cdd7e76494e7fc55d

    • SSDEEP

      384:mpwKANy568E9VFzSJIVp3KHM7aDfpwKANy568E9VFzSJIVp3sNsl4:qEsUacsEsUg

    • Score

      1/10

    • Target

      [0]

    • Size

      2KB

    • MD5

      059d69bfce8a5a02a44dc984e6b7c4cc

    • SHA1

      ea2ecdd9709df9eb110ca06fe44cd24b55e4fb97

    • SHA256

      65af7b430d580514205c0f6a8ee051a2026f25cfe1a72ecc063f3d9eea96b36f

    • SHA512

      a27a6a312243ee3aa93644f5fb6956ce8e071e5e99f6e00ad39b0b2f2f627bf83974515a9622068d4ddb978a7c9f628d1ef76aaa7e2bac132d48776397c847c2

    • Score

      1/10

    • Target

      [1]

    • Size

      3.1MB

    • MD5

      100fa1ab143f5a02104079937bdf47aa

    • SHA1

      42196ec952e082d463b6eccae4e5f7cb99c07e15

    • SHA256

      d8b6b5d09b36eb5c3d8a703181ad8f964fd1e687be9c46059a8071669ce8829b

    • SHA512

      cad27faa9ba61425a9460f2ab2abe91c3991c6038236b140f9448a4c11149a1b8271be5192c82af1655a57e22a0e2efe475325e17d51ec73ecca1d9e0e8a259f

    • SSDEEP

      98304:F2BvT8knglXKHw6ub2NQOtmnuu4Yv21O5PEsOPA:F2ZYPGPzQ0muu4Yv/PROPA

    • Score

      1/10
