General

  • Target

    Anarchy Panel 4.7.rar

  • Size

    53.7MB

  • Sample

    250220-2p154awrdy

  • MD5

    1ac099674321f8736ef32e0eed5dbaee

  • SHA1

    d609a36a7687635631380378a8262f66dfd78fb0

  • SHA256

    7c1d0a5b8a6a3755887981f854c368b372e0629929f3ded5bf17715ec220423e

  • SHA512

    3c798e14f584b9629cc9807c01abe56d5bebdc4812a38eb5f7299eb729fa5576b17ef167607211ccf8a19ca05fb8c4799897a2fff584cf5a92499ae730762bd9

  • SSDEEP

    786432:zWgaBwgV+yi4Z6dFTlYG9rLKVp29NRvLbWMMydIWd/inlJWDx+xteKGnYnPJCA+I:CV2ikYUrLY2HJRtIWdYlJC1K+YC5Lmz3

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Anarchy Panel 4.7.rar

    • Size

      53.7MB

    • MD5

      1ac099674321f8736ef32e0eed5dbaee

    • SHA1

      d609a36a7687635631380378a8262f66dfd78fb0

    • SHA256

      7c1d0a5b8a6a3755887981f854c368b372e0629929f3ded5bf17715ec220423e

    • SHA512

      3c798e14f584b9629cc9807c01abe56d5bebdc4812a38eb5f7299eb729fa5576b17ef167607211ccf8a19ca05fb8c4799897a2fff584cf5a92499ae730762bd9

    • SSDEEP

      786432:zWgaBwgV+yi4Z6dFTlYG9rLKVp29NRvLbWMMydIWd/inlJWDx+xteKGnYnPJCA+I:CV2ikYUrLY2HJRtIWdYlJC1K+YC5Lmz3

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Stealerium family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Async RAT payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks