Extracted

• • Target

    cafb60920939bd2079d96f2e6e73f87632bc15bd72998f864e8968f7aab9623b.exe

  • Size

    1.7MB

  • MD5

    40f8c17c136d4dc83b130c9467cf6dcc

  • SHA1

    e9b6049aa7da0af9718f2f4ae91653d9bac403bb

  • SHA256

    cafb60920939bd2079d96f2e6e73f87632bc15bd72998f864e8968f7aab9623b

  • SHA512

    6760a0752957535ec45ce3307e31569ac263eb73157d6a424d6e30647651a4e93db7c0378028d9e0ce07e65a357d2bb81047064ccda2f6a13fa7402ee7794c2d

  • SSDEEP

    49152:IkXhu5J6iLKcMu/FQHujIytryx1GLMfzhh9JHTJ6qyrBbL:I0i9/COjIhkMfzhhMf

  Score

  10^/10

  asyncratdefaultdiscoveryevasionratstormkittyspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • Async RAT payload

    rat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2