General
Target: setup.zip
Size: 1.1MB
Sample: 241208-n8836axpgm
MD5: f1a1e48a1b717914efa37c23c9e26f33
SHA1: 821c4a93335359c3e54d84df8935b6e4aca65078
SHA256: cd2a3b6dac6e3a9483df3ca219df51ca77ccfaa14213ca6ff25d072b4fee24eb
SHA512: bd1c0f3a95d4a465404f863b88236866250c64689162db205b9e22f0ebb7f3352e770a32961f77a62691c0dabd030fce5614cf735c342b01db60540cc99f707e
SSDEEP: 12288:irJoIkjGs4Z3BvuHzuHfijjHIisCJ3HL4AV77Z2OIwfBPXquh7nwXzQzDYcKSlN1:kn3QT8qvoi53UAn0OIMxl7+uFZFQjnQ
Static task: static1
Behavioral task: behavioral1
Sample: setup.zip
Resource: win10ltsc2021-20241023-fr
Malware Config
Targets
Target: setup.zip, 1.1MB (hashes as listed under General)
Score: 10/10
Signatures:
- Asyncrat family
- StormKitty payload
- Stormkitty family
- Async RAT payload
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext