Extracted

• • Target

    Spotify.exe

  • Size

    98KB

  • MD5

    e3c63db10fd82bf7005998e7536c0b73

  • SHA1

    5aa3eb6dfb0f292e92305ca6d003731faf651f4c

  • SHA256

    ecd287798f2e6597b2e4568817159e2b3b0b502990694e7bf8f58f90b73685e9

  • SHA512

    e6970b0e51474592c800c8435c92f68865160f5c25b887141fcf32db4730183f74d86a8eed9ebafeb1ea8adf8a344e8ad2f38a0c708829ae01b8954cace92a0b

  • SSDEEP

    1536:PKvg1dSJYUbdh9vTEus3DBIYGUHerbqYwhRpqKmY7:Pt1YYUbd+KYWwhqz

  Score

  10^/10

  asyncratstealeriumstormkittydefaultcollectiondiscoverypersistenceprivilege_escalationransomwareratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium

  • Stealerium family

    stealerium

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • Async RAT payload

    rat

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Renames multiple (348) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Network Service Discovery

    Attempt to gather information on host's network.

    discovery

  • Enumerates processes with tasklist

    discovery
  behavioral1