General
-
Target
S500RATCracked.exe
-
Size
175KB
-
Sample
250123-qwnykasqel
-
MD5
604f8eb4afe0d9a9e3fb5f7981c09145
-
SHA1
92d44f43b4c9fc84b99ba34c5abb3672725ecc69
-
SHA256
682e2204557a05cddbaddef019cbc2eda6eaa50007f20851eadb9a33c35c458d
-
SHA512
cf35e1559004f48ed1ffbf5b78ae19861afb8e19a9979a49294da60f0f83ef7428bd3b5d09b869c6ce556141938d0d387deb350b10c0c9ca58087d384e4d3598
-
SSDEEP
3072:1e8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTkwAqE+Wpor:4Xtb5KcXr7XmfgqtjhAxZ0b21
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot7172310068:AAHciRxBKiL8yb3xQPb16MGBa7sLY1YMnC8/sendMessage?chat_id=1238600226
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
S500RATCracked.exe
-
Size
175KB
-
MD5
604f8eb4afe0d9a9e3fb5f7981c09145
-
SHA1
92d44f43b4c9fc84b99ba34c5abb3672725ecc69
-
SHA256
682e2204557a05cddbaddef019cbc2eda6eaa50007f20851eadb9a33c35c458d
-
SHA512
cf35e1559004f48ed1ffbf5b78ae19861afb8e19a9979a49294da60f0f83ef7428bd3b5d09b869c6ce556141938d0d387deb350b10c0c9ca58087d384e4d3598
-
SSDEEP
3072:1e8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTkwAqE+Wpor:4Xtb5KcXr7XmfgqtjhAxZ0b21
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Stormkitty family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1