General

  • Target

    sigma.zip

  • Size

    4.5MB

  • Sample

    250114-1xr2qa1mgv

  • MD5

    1dfeebdf82ab3ed01ddd18ab3a4650fd

  • SHA1

    d9be45847f326af2a7a1bf26945b813f1bf8df77

  • SHA256

    8aae531dd3a505f3626825ac271c6beec7f25fea3d2c90cb704d9eb9f4ece7f8

  • SHA512

    dae196c7db8ed2fbdb8c2e8469c496e48c23ce9eb4d6f31d3468b7cc169489cf1be9967ee104377403b6b53acdc92da9e030a561116eea7c15f8aef92ae1826f

  • SSDEEP

    98304:WiMbhvRrGFryU0NBkhoidjUXp5KkNbwBDl5NuMD8Pl4cOVh86y4X:9M3aFrphoPXL5hA8MDbT84X

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6930132082:AAF9Abmx5782IJWJVqCaUgCZ8zIA1r0hry0/sendMessage?chat_id=5960891953

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is a remote access trojan designed to remotely monitor and control other computers.

    • Asyncrat family

    • StormKitty

      StormKitty is an open-source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Async RAT payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Info stealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks