Overview

overview

10

Static

static

3

rwvg1.exe

windows7-x64

10

rwvg1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rwvg1.exe

  • Size

    34KB

  • Sample

    250102-wtqx2azqhx

  • MD5

    671a477d299131351498b10922fa09d8

  • SHA1

    1ea4a3836b473bc710f348fade6bb56848279649

  • SHA256

    2b07a75b74b701d95f6957416959df359f441e7455e933913208891f05c6c9e5

  • SHA512

    8a4ed69a50806d85d697ac85f57855b1e5a26e0d6282977f75d70823be10cf83490423a1228891230bd2c3359449719dd53c6401d1f64f5649c9d2974257a8fc

  • SSDEEP

    768:LqI7tV7a1UqeBVYbCU/SReKbLZu7RupMx0AzgL4Vo2TUVd:G837eULG2U0XA0AzC4SrVd

Score
10/10
asyncratstormkittydiscoveryratstealer

Malware Config

Targets

    • Target

      rwvg1.exe

    • Size

      34KB

    • MD5

      671a477d299131351498b10922fa09d8

    • SHA1

      1ea4a3836b473bc710f348fade6bb56848279649

    • SHA256

      2b07a75b74b701d95f6957416959df359f441e7455e933913208891f05c6c9e5

    • SHA512

      8a4ed69a50806d85d697ac85f57855b1e5a26e0d6282977f75d70823be10cf83490423a1228891230bd2c3359449719dd53c6401d1f64f5649c9d2974257a8fc

    • SSDEEP

      768:LqI7tV7a1UqeBVYbCU/SReKbLZu7RupMx0AzgL4Vo2TUVd:G837eULG2U0XA0AzC4SrVd

    Score
    10/10
    asyncratstormkittydiscoveryratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Stormkitty family

      stormkitty

    • Downloads MZ/PE file

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks