Extracted

• • Target

    066e566cfda5b91b45e6235c252695d1d796736cd21f61f44cd77787a338a84f

  • Size

    175KB

  • MD5

    ed17f5a962191fa6423599f58efc90c2

  • SHA1

    a5186f3e3f96e58ea743408ba24d22df3f3cffee

  • SHA256

    066e566cfda5b91b45e6235c252695d1d796736cd21f61f44cd77787a338a84f

  • SHA512

    fb6036ea4c079af2c33749a3cc3619776bb344fe6166ff1b40397916486f87d4568f642988fc67a1f6e12d6735c9ed1c678d8f2961a2f41fffddb212f315f279

  • SSDEEP

    3072:U+lBDp+LQ1/fU2RSIIj6hLLYLCYJqvc1DfDTwYhac4IauJX9bj72dm3pRQNQ+Wpv:FD8u/fdRSIIj6hLLYLCYJqvc1DfXwYhY

  Score

  10^/10

  asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2