Extracted

Extracted

• • Target

    Stealerium.zip

  • Size

    5.9MB

  • MD5

    e2e609d8870d6257945230e08ca4f62f

  • SHA1

    338f787fc2eb8d8a33b7fd0e73f247743c497b9d

  • SHA256

    848d8ab365cfa9c087c80b87538a2c86921a16e886f0b3d32405cbe69f4d7f53

  • SHA512

    d10daa0212337d10b7ede25e1238dc5f77e93a0b9eb048a4a80c4bd1dc42af2dfdf7e0e8951486db6f738980e4a13802243a3c60696007104ef28f7f58002183

  • SSDEEP

    98304:nR9fzGqzRjbT+yYTNWdDAkJNam4FFYGzYqLeB50CcOq0C2xJ9K8YR0fXgnGagsmx:PfzG6jbT+FUiWNaDFFYGEqLeBqCcR0oi

  Score

  10^/10

  asyncratgurcudefaultcollectiondiscoverymotwpersistencephishingprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Gurcu family

    gurcu

  • Gurcu, WhiteSnake

    Gurcu aka WhiteSnake is a malware stealer written in C#.

    stealergurcu

  • Async RAT payload

    rat

  • Downloads MZ/PE file

  • A potential corporate email address has been identified in the URL: =@L

    phishing

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    phishingmotw
  behavioral1behavioral2