General

  • Target

    187ae0cb45f21b2fee6eacaf297bd965acdcd3822b3d0cd09602add1cf03cb40

  • Size

    518KB

  • Sample

    250104-xrb7jasnbw

  • MD5

    f249f6f4f9d8c37b6eaa483e188b844e

  • SHA1

    fb2bc26dafdf08f306307c201575a2babf3046e7

  • SHA256

    187ae0cb45f21b2fee6eacaf297bd965acdcd3822b3d0cd09602add1cf03cb40

  • SHA512

    1e2ba01ad35fb34d4ff3af4acbe4f62c543a27db8e189eec91fcced1128f28999391efffbfcc2af55bbef6eb37004b1198f852b03605ce3eb29e0cb11fc052ec

  • SSDEEP

    6144:fSncRljDubaBBOBIIj6HLLYLCYJqvc1DiFGPNv67EA7bYiiRGbNGfAJDubaBBOBY:a4IbaMUbHiRcNqnbaExhNbxykvgItw

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7549728726:AAHzXc-gyGOx-FQMI8AFOLjShmKqbPw-tWU/sendMessage?chat_id=6759888267

https://api.telegram.org/bot7289188591:AAFXBqcWy9p_LgUKTwd-Pcl7lvzedUGWL1E/sendMessage?chat_id=8079461533

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
aes.plain
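The C2 entries above are loopback addresses on ports 6606, 7707 and 8808, and the mutex is AsyncMutex_6SI8OkPnk; those are the values the AsyncRAT builder ships with, so the AsyncRAT half of this sample carries no routable C2 and the two Telegram Bot API URLs are the live exfiltration channel. The Python script below is an added example, not part of this report or of either malware family: it copies the C2 list and the Telegram URLs from the config above, separates loopback placeholders from routable C2, pulls the bot id, secret token and chat_id out of each Bot API URL, and scans proxy-style log lines for calls to those bots (and, as a hunting lead, to any other Telegram bot). The log lines, the internal hostnames and the third bot id in them are constructed for the example.

```python
"""Hunt for the network indicators in this report's extracted config.

Added example, not the report's or the malware's code. The proxy log
lines near the bottom are constructed; only the C2 list and the two
Telegram URLs are copied from the extracted config.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Copied verbatim from the "Malware Config" section of the report.
C2_ENDPOINTS = ["127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808"]
TELEGRAM_URLS = [
    "https://api.telegram.org/bot7549728726:AAHzXc-gyGOx-FQMI8AFOLjShmKqbPw-tWU/sendMessage?chat_id=6759888267",
    "https://api.telegram.org/bot7289188591:AAFXBqcWy9p_LgUKTwd-Pcl7lvzedUGWL1E/sendMessage?chat_id=8079461533",
]

# Bot API path shape: /bot<bot id>:<secret token>/<method>
TELEGRAM_BOT_PATH_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)/(\w+)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass(frozen=True)
class TelegramSink:
    bot_id: str
    token: str      # the operator's bot credential; match on it, do not use it
    method: str     # sendMessage, sendDocument, ...
    chat_id: str


def parse_telegram_url(url):
    """Split a Telegram Bot API URL into bot id, token, method and chat_id.

    Returns None for anything that is not a Bot API call, so callers can
    feed it arbitrary URLs pulled out of logs.
    """
    parts = urlsplit(url)
    if parts.netloc.lower() != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [""])[0]
    return TelegramSink(m.group(1), m.group(2), m.group(3), chat_id)


def classify_c2(endpoints):
    """Split "host:port" C2 entries into routable targets and loopback placeholders.

    A loopback C2 cannot be blocked or hunted on the network; it usually
    means the builder default was never changed.
    """
    live, placeholder = [], []
    for endpoint in endpoints:
        host, _, port = endpoint.rpartition(":")
        try:
            is_loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:  # a hostname rather than an IP literal
            is_loopback = host.lower() == "localhost"
        (placeholder if is_loopback else live).append((host, int(port)))
    return live, placeholder


KNOWN_SINKS = [parse_telegram_url(u) for u in TELEGRAM_URLS]


def scan_proxy_log(log_text, known_sinks):
    """Return (line number, verdict, bot id) for every Bot API call in the log.

    Verdicts: "known-bot" for a bot id from this report, "known-chat" when
    only the chat_id matches (same operator, rotated bot), and
    "telegram-bot-api" for any other bot call, which is worth a look on a
    network where nothing legitimately posts to Telegram bots.
    """
    known_bots = {s.bot_id for s in known_sinks}
    known_chats = {s.chat_id for s in known_sinks}
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = URL_RE.search(line)
        if not m:
            continue
        sink = parse_telegram_url(m.group(0))
        if sink is None:
            continue
        if sink.bot_id in known_bots:
            verdict = "known-bot"
        elif sink.chat_id in known_chats:
            verdict = "known-chat"
        else:
            verdict = "telegram-bot-api"
        hits.append((line_no, verdict, sink.bot_id))
    return hits


# Constructed proxy log: timestamp, client, method, URL, status. Lines 2 and 3
# reuse the report's bots (line 3 with sendDocument); line 4 is a made-up bot.
SAMPLE_PROXY_LOG = """\
2025-01-04T10:14:02Z 10.0.0.23 GET https://www.microsoft.com/ 200
2025-01-04T10:14:05Z 10.0.0.23 POST https://api.telegram.org/bot7549728726:AAHzXc-gyGOx-FQMI8AFOLjShmKqbPw-tWU/sendMessage?chat_id=6759888267 200
2025-01-04T10:14:06Z 10.0.0.23 POST https://api.telegram.org/bot7289188591:AAFXBqcWy9p_LgUKTwd-Pcl7lvzedUGWL1E/sendDocument?chat_id=8079461533 200
2025-01-04T10:20:00Z 10.0.0.41 POST https://api.telegram.org/bot1111111111:AAAAexample_token_not_from_report/sendMessage?chat_id=4242 200
2025-01-04T10:21:00Z 10.0.0.41 GET https://api.telegram.org/ 200
"""

if __name__ == "__main__":
    live, placeholder = classify_c2(C2_ENDPOINTS)
    print("routable C2:", live or "none (builder defaults)")
    print("loopback placeholders:", placeholder)
    for sink in KNOWN_SINKS:
        print("exfil bot", sink.bot_id, "->", "chat", sink.chat_id)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, KNOWN_SINKS):
        print("line %d: %s (bot %s)" % hit)
```

Run as a script it prints the classification and the log hits; the functions return their results so they can drop into a SIEM lookup or a notebook. The tokens embedded in the URLs are the operator's bot credentials: match on them in logs and block or alert on api.telegram.org, but do not call the Bot API with them from a monitored network, since that reaches the operator's infrastructure.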

Targets

    • Target

      187ae0cb45f21b2fee6eacaf297bd965acdcd3822b3d0cd09602add1cf03cb40


    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • StormKitty

      StormKitty is an open-source infostealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before running.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks