General
Target: JaffaCakes118_39028e30633ad28ac9f8d1a1f30adc3d0c351e96772f96ceb58690abff0d2736
Size: 78KB
Sample: 241223-xh78lsxpfn
MD5: 30a5f6dae13e79e127b2a0737de8d5bc
SHA1: 524ddee1582fbee848bef8bbe8505e508ed057dd
SHA256: 39028e30633ad28ac9f8d1a1f30adc3d0c351e96772f96ceb58690abff0d2736
SHA512: 30e88827da52fcd4baebcbe90348563b629688b0bd51bb768fc4fd88efc81f733db08ff835579de2ca201dbcba68a0a8444f3935a64772f61ba3df50539840d8
SSDEEP: 1536:6QL/XdzJbn/6WvkIaDr7SX0jyxNcgjR3w1SDut2DFfe:64TbiWvUWWINc3SjBfe
Behavioral task: behavioral1
Sample: bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
asyncrat
0.0.1
Default
bigdaddy-service.biz:6606
bigdaddy-service.biz:7707
bigdaddy-service.biz:8808
https://api.telegram.org/bot1887752763:AAEFHUQhXilkF7u0X0Uqs-Po7aZUCtVrohg/sendMessage?chat_id=1096425866
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec
Size: 167KB
MD5: 2494ddf095f3ad52f3ce518c45e37815
SHA1: fef7060001121af7720efc877adb57b3a0770e6c
SHA256: bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec
SHA512: 6b1f703c94dcb3b5d33f303dd18c633863f846beb51ce06c574a0030ba7d8e90d71b76893fcf71947186e53567fa8ba9c54cccdce8453610b93df31dad992bf8
SSDEEP: 3072:Kiuo2wrg+t38kRKQ9pgEvGW2e861u/s9b2JtD1wZp+Wp+WIrk:Cwg+t3DgEvTV91Ss9bY7KdIr
- Asyncrat family
- StormKitty payload
- Stormkitty family
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)