General
Target: 00005636c57566543b08e8f453c4e977f02b10b87803b6134365caddd5c09800
Size: 73KB
Sample: 250204-kmsbqs1pdx
MD5: 5a978852670d651c4176fabd021d4e1f
SHA1: cbbc245b5b46c20c75e6082127b611985b8ac2a2
SHA256: 00005636c57566543b08e8f453c4e977f02b10b87803b6134365caddd5c09800
SHA512: f648e2a35302575ac17c750c3ab014bfa0644a477fedda55d5f7af73de5437f8ba2b9721690ccfaa90f86d968c48d74b84cb88963629bdfb238fdc3545430b40
SSDEEP: 1536:G8Z6cweHEyF8D87a+6+UFTY2+X4LQsnq+S4HqzVtSm1v:bZ6NwDC8++6+UJY2+qg5c4bH1v
Behavioral task: behavioral1
Sample: gta vip mod menu.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: gta vip mod menu.exe
Resource: win10v2004-20250129-en
Malware Config
Extracted: asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot5019103854:AAHucpCsuoHfPSmzNdwO7ZF0KH52dPfSqqc/sendMessage?chat_id=775796924
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: gta vip mod menu.exe
Size: 170KB
MD5: 9c396476af70d302eb9daa684452cfa0
SHA1: 18952e86a1c01000fd49f076bc0c64575fbc8012
SHA256: d6af4c61a9cc5a9beb762788dcab24c744bb5099608436273f7ea30fd3dbf845
SHA512: 80a282867e6a3db5135054970b6d758f41f3f866e3426f9615b5bb12b9603be1f5f9f714c9ec2ec3286b0a427a3c27c4f280636efb58605291f58d561b7cc6c3
SSDEEP: 3072:++STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2cPL06+Wp7:j8XN6W8mmHPtppXPSi9b4l
- Asyncrat family
- StormKitty payload
- Stormkitty family
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 1
  - Credentials In Files (T1552.001): 1