Overview

overview

10

Static

static

3

nj230708full.pdf.exe

windows7-x64

10

nj230708full.pdf.exe

windows10-2004-x64

10

.data

windows7-x64

3

.data

windows10-2004-x64

3

.rdata

windows7-x64

3

.rdata

windows10-2004-x64

3

.reloc

windows7-x64

3

.reloc

windows10-2004-x64

3

.rsrc/DIALOG/105

windows7-x64

1

.rsrc/DIALOG/105

windows10-2004-x64

1

.rsrc/DIALOG/106

windows7-x64

1

.rsrc/DIALOG/106

windows10-2004-x64

1

.rsrc/DIALOG/111

windows7-x64

1

.rsrc/DIALOG/111

windows10-2004-x64

1

.rsrc/GROUP_ICON/103

windows7-x64

1

.rsrc/GROUP_ICON/103

windows10-2004-x64

1

.rsrc/ICON/1.png

windows7-x64

3

.rsrc/ICON/1.png

windows10-2004-x64

3

.rsrc/ICON/2.ico

windows7-x64

3

.rsrc/ICON/2.ico

windows10-2004-x64

3

.rsrc/ICON/3.ico

windows7-x64

3

.rsrc/ICON/3.ico

windows10-2004-x64

3

.rsrc/MANIFEST/1.xml

windows7-x64

3

.rsrc/MANIFEST/1.xml

windows10-2004-x64

1

.text

windows7-x64

3

.text

windows10-2004-x64

3

CERTIFICATE

windows7-x64

1

CERTIFICATE

windows10-2004-x64

1

[0]

windows7-x64

1

[0]

windows10-2004-x64

1

[1]

windows7-x64

1

[1]

windows10-2004-x64

1

Resubmissions

16-12-2024 09:53

241216-lw48bsvpfy 10

16-12-2024 09:15

241216-k739qsvmgp 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nj230708full.pdf.exe

  • Size

    2.6MB

  • Sample

    241216-k739qsvmgp

  • MD5

    bd216fdea8517b5beb003e0ac03f536e

  • SHA1

    a3f3d4395b74da605bb1e068c846ccb531213f38

  • SHA256

    e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675

  • SHA512

    57dadcbd826b9d2cd99e82d1ba5ada998219378d9c1782388de06c9a2dddc754ec32ca89682cc56e5f38dd55e1a57ce5bd5cb2482ba655ecbbd76206f353d694

  • SSDEEP

    49152:ztJyfM3mq+li7JeXVn2GljPUXSrVFADPtMieH5nqwTs8X3jkXcMt:JUKmzi7Je4GljPUCrzAiieZq8IX3t

Score
10/10
asyncratstormkittydiscoveryratstealer

Malware Config

Targets

    • Target

      nj230708full.pdf.exe

    • Size

      2.6MB

    • MD5

      bd216fdea8517b5beb003e0ac03f536e

    • SHA1

      a3f3d4395b74da605bb1e068c846ccb531213f38

    • SHA256

      e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675

    • SHA512

      57dadcbd826b9d2cd99e82d1ba5ada998219378d9c1782388de06c9a2dddc754ec32ca89682cc56e5f38dd55e1a57ce5bd5cb2482ba655ecbbd76206f353d694

    • SSDEEP

      49152:ztJyfM3mq+li7JeXVn2GljPUXSrVFADPtMieH5nqwTs8X3jkXcMt:JUKmzi7Je4GljPUCrzAiieZq8IX3t

    Score
    10/10
    asyncratstormkittydiscoveryratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Stormkitty family

      stormkitty

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      .data

    • Size

      512B

    • MD5

      014871d9a00f0e0c8c2a7cd25606c453

    • SHA1

      92d7e0d8d66861f702d867dac616b7d02bca94ec

    • SHA256

      637a3943c555de3601588a8398252a905d18c17f9d49f750b812daa630abac68

    • SHA512

      3f1e945759614a0e0ee05d8cc7c9d3a9f0b2954f64c173dd8f755d6b422c0b2f1f7a5c3af8aa54f3c6909de65c125e048dd8d17ee55da3989c4b2c807d83874c

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      .rdata

    • Size

      11KB

    • MD5

      07990aaa54c3bc638bb87a87f3fb13e3

    • SHA1

      05985b7f60a664d2595e9406ae3b208c97597bbc

    • SHA256

      b38b34dfbb61b5fc0659b9861f09dfdaaa743cb97bf0134e7bab66a75ddc940e

    • SHA512

      0017dd49d85c6aa9e8351c7da60f1150cb241022664151f0d2182a7a344f46286eb9f131f75a5f1adcef57a1362689a3c40a37547acc262aba92b742c13b65ad

    • SSDEEP

      192:wiR1IorPNhxjQFOdiq343py7JRWVS7yWymPn:9RiaPblQFdq343pwrWVaymPn

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      .reloc

    • Size

      4KB

    • MD5

      7531f98f48bae981154531be7b0e3ec6

    • SHA1

      154defc8109ba0ee2834f575c61ca810c198bf2d

    • SHA256

      5451208cf24050fe1627207138157fd21e4cd3adea6ce5e865e9b03324b6c6c2

    • SHA512

      a8d9ec0b2d4e1311af7ec0409415053cbd9f912b4e6cec2337db08a4607f82aa3f713481484ce7d02c4d68b6354b7a87b5265f70a3071bf5be56e1b409910555

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      .rsrc/DIALOG/105

    • Size

      256B

    • MD5

      3409f314895161597f3c395cc5f65525

    • SHA1

      1a99d016d65e567f24449d9362afb6ac44006d0b

    • SHA256

      fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96

    • SHA512

      f3e7394fa49325a7ea46728b77a5e819e18d63049d54c6adf36d08619709484f8bbd20206416d3c1440bd70632d99d9a45f3488482353f90aa21aa6ee3915427

    Score
    1/10
    behavioral10behavioral9

    • Target

      .rsrc/DIALOG/106

    • Size

      284B

    • MD5

      2d12c45dc2c029044aaff357141cb900

    • SHA1

      083db861ab3c7db23c6257878296e73a89a74b8b

    • SHA256

      69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729

    • SHA512

      a50dcf605a914f0a6f94b3f815be159c2b729d005a25d6cc9120c4d34445cae2d0b20df3dbdc7672f316010c6a47079265548a1ed5a523896963b1a3ddf98a17

    Score
    1/10
    behavioral11behavioral12

    • Target

      .rsrc/DIALOG/111

    • Size

      96B

    • MD5

      6be4e1387d369cf86e68eacbdd0e81dd

    • SHA1

      351970fe2681b9b35b5d59ad052011ed96a96e17

    • SHA256

      85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0

    • SHA512

      b81b287de73282cc5a7337559fbce5af01d1a440f04ee97c6a8e1de0c787ef38936c951b802014b841fc517fe7f2b916266dc8c35cd5de1ad0c630dc2218fa81

    Score
    1/10
    behavioral13behavioral14

    • Target

      .rsrc/GROUP_ICON/103

    • Size

      48B

    • MD5

      5475b78c4d295ef33fa7c4cad987df82

    • SHA1

      3dd7ea065a1b4239c3334f4c07211863a1310c99

    • SHA256

      3da90ce10753199d9f58f971d7d801995ad710a6e4e8c0618f25b98187781d88

    • SHA512

      4595ddc41c56355f0739c63bc88122985c58e3db6ca086a489fe4ea7a831cf34c6e87911900447d4377a0cc6d41f00030f96883a39a98e52e8bec166845fcf1e

    Score
    1/10
    behavioral15behavioral16

    • Target

      .rsrc/ICON/1

    • Size

      5KB

    • MD5

      286c1e3fc7c04e3a023247c121ee6371

    • SHA1

      1a6db109430b2675b2d2823534a860efe5bed6df

    • SHA256

      7a712c0f6a6789e91ba148157c3b4e505624af6787c9a752194c497cf96f792c

    • SHA512

      0ac03fe4cf8cc6c085a58d5a660c4829e9aed410697cf321e4507fd7d6bc5da0a2e3583ee1d5ed80dfdd8853efef7173be678c13c46bd9ecf0477c4ef1193f86

    • SSDEEP

      96:2tyzC0VphrgyqtcKPENHd9jo5AIRNmgtCKFnxyDvhrLw6MCl2B/4pzs8o:2uCSpNAbPEZjoCIRogtCyoDJrk6K/4p0

    Score
    3/10
    behavioral17behavioral18

    • Target

      .rsrc/ICON/2.ico

    • Size

      9KB

    • MD5

      8c53ee979d8b2f018d3b1112fc9be0bf

    • SHA1

      05e3d0e7a6c9240e43b3e86258bac289b8a9c4cc

    • SHA256

      5991e82ea2414c7df992fabcf04de642a2e7ef75eb81ecda547032c87d15db28

    • SHA512

      019117cbe3f9804f91944155105a7de573464e6ee11146a68e88c0a9966eeda5a85db0e711481557642ed72bdd20f884ea658516ca96b3a56199290bb24632f0

    • SSDEEP

      96:az3NroA6lKKRly3TPDb2DU4a/EO/8OyOkVO7ObVYiVOdoKP2V:yroA6dvoj9EO/8OyOkVO7ObuiVOdJuV

    Score
    3/10
    behavioral19behavioral20

    • Target

      .rsrc/ICON/3.ico

    • Size

      4KB

    • MD5

      dc9948da9e52911b23480b34f995d723

    • SHA1

      655b9e00cc93f76a2b5bf7c024c756783da13432

    • SHA256

      e166c0f6f604ada1b09e4102cebd753f950a8efbb521d8adef45e4b5fb01f97b

    • SHA512

      c6d90f6a78866e2a95748680fc9d9309a9117149ef192d3acf2a37b3bb46a70927d0db6948bb0ab5c40765253f32f52b2ff08f311ed6b6118cbf40f46e516648

    • SSDEEP

      48:e1N0CCCCCCG2G5YbZ2zOunaj3vc6bUD1FZu3Ai3oSDqqFOTkSfbGHDH2ahRWeXTN:K0CCCCCCG2LNMOeaj3vZUBF3QvrM0Ui

    Score
    3/10
    behavioral21behavioral22

    • Target

      .rsrc/MANIFEST/1

    • Size

      726B

    • MD5

      8ac7761540a25f0e446671e95051ad9d

    • SHA1

      dc2cbe444228a356272452dcda6a5f4f58bec4f7

    • SHA256

      46e35d3bb4e0d1dd59f3321fa8b908e7202b9bdf70151f941d58f9bee9c0ba67

    • SHA512

      7375e939af102200af9facde9a02296f074f06ca0e155b763f51f0bf0c41b66140d6eceaf720194650cb3bd4e5376d94a36bc9fc42fccdb1942894b9d13a1a93

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      .text

    • Size

      27KB

    • MD5

      00499a6f70259150109c809d6aa0e6ed

    • SHA1

      3f4c995439cec283f1f51d71acb1f25bef740b63

    • SHA256

      6cbf0a221c26d69af8cab6a9925b0b331082df7f79d671fafe3f4942145c76a3

    • SHA512

      bad533ac5b9872c345212e7d70e23ab02dfa73b42882f76b45448d0a238afd1773e60ad755102a6d7b978af30acd78b0283b7f7f45c2cea9eacf869ea787a87d

    • SSDEEP

      768:ZSuEBr5TxZ3ILakH+MQTbTf1YK5dEde6w4tKmc3K1RHpuiCYy:BErPZ3IBZcbTfu1HlrJFCP

    Score
    3/10
    behavioral25behavioral26

    • Target

      CERTIFICATE

    • Size

      5KB

    • MD5

      85fc2b618360595b0e57b93945e23501

    • SHA1

      12eb9efb65a41696a7ab61d5ccfa10e682ac73d6

    • SHA256

      6c5788105eecfdcf988aff012fc48d10aa1d3b2ff5a18e7be7ec9792f8d45d96

    • SHA512

      dbf3848b147326bffefc77025b22ecffe252467625d4b83b9588be86ed7889c2d5f8ce75fb93efca843eb4ea6ba6671de94a6228f9c6a47a9672396f87feb742

    • SSDEEP

      96:iuKHmd7aN+1m+S1C9TxfaeZc3JUfhdyEi7ZHeE5m7foi00:aHoaN+177xffeBZHlEo4

    Score
    1/10
    behavioral27behavioral28

    • Target

      [0]

    • Size

      2KB

    • MD5

      f4f0c5282559707670a306c46097ffcc

    • SHA1

      3417351819d02450b527af5b3dbba95c52f911e5

    • SHA256

      8f4fff35166f08142b23bf90e5c36f72c3a730b549d172768c2fa855a338122e

    • SHA512

      ebda56045c88ad3b87a896e06cf3747d411a28e4270554de5ad25a28343a4b3f54008dc4458e624097ea157208e2944d67c64770346047a202e0d978adf88175

    Score
    1/10
    behavioral29behavioral30

    • Target

      [1]

    • Size

      2.5MB

    • MD5

      d299d19a1a9ab3876afff03bd2359d8b

    • SHA1

      b6cf4936b9d19d8a34417cda6eaeac816660fc92

    • SHA256

      a912e61a04c54e4407262b0b8ce5cc4fa500db62185381e044e8f3724d573cc8

    • SHA512

      445fed6edddd97bd2b62fd34ae3f84fe122d19baf8c2c47f3c1867a991d72434105c5bfbf368ceee2537401bc51df52e3cb367b8526adb9e8357023b27815ded

    • SSDEEP

      49152:+tJyfM3mq+li7JeXVn2GljPUXSrVFADPtMieH5nqwTs8X3jkXcM3:KUKmzi7Je4GljPUCrzAiieZq8IX33

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

asyncratstormkittydiscoveryratstealer
Score
10/10

behavioral2

asyncratstormkittydiscoveryratstealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

Score
1/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10