Overview

overview

10

Static

static

10

d39083df80...4N.exe

windows7-x64

10

d39083df80...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d39083df8071d961f10ac9520645cad6b216d985b68e5ef71abc094dbff6cbb4N.exe

  • Size

    185KB

  • Sample

    250104-rtnqfstjhw

  • MD5

    87af8e8d59047e5799c4922c2cad3220

  • SHA1

    570f9e7af5ba8058a072ab6392449d1128933771

  • SHA256

    d39083df8071d961f10ac9520645cad6b216d985b68e5ef71abc094dbff6cbb4

  • SHA512

    3d21efb40d0133af0180fda23cacf8e7d4c13503bdff5d891a5c47026563e690a955caf2c80448bea6bb67bbecf7279fd85ab583385e65d8dcd1587d1f28f8a9

  • SSDEEP

    3072:G+STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2cKcs6+WpT:b8XN6W8mmHPtppXPSi9b43

Score
10/10
asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratspywarestealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7939561809:AAHz2Vqx3T78_aqFxsPWL8XuAKKVQ7c2y3s/sendMessage?chat_id=7522999044
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      d39083df8071d961f10ac9520645cad6b216d985b68e5ef71abc094dbff6cbb4N.exe

    • Size

      185KB

    • MD5

      87af8e8d59047e5799c4922c2cad3220

    • SHA1

      570f9e7af5ba8058a072ab6392449d1128933771

    • SHA256

      d39083df8071d961f10ac9520645cad6b216d985b68e5ef71abc094dbff6cbb4

    • SHA512

      3d21efb40d0133af0180fda23cacf8e7d4c13503bdff5d891a5c47026563e690a955caf2c80448bea6bb67bbecf7279fd85ab583385e65d8dcd1587d1f28f8a9

    • SSDEEP

      3072:G+STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2cKcs6+WpT:b8XN6W8mmHPtppXPSi9b43

    Score
    10/10
    asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Stormkitty family

      stormkitty

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks