General

  • Target

    b3c188051ccb327c2406c0b2581af1247daff6491c895b8fb5d6d0d2fb19d90c

  • Size

    12.9MB

  • Sample

    250323-ya9xxawqv6

  • MD5

    3a4f9aee19211f290c0bd02b445ca11c

  • SHA1

    eca6d9d927ec1d8e15b66b5c4b3a45482f7015b3

  • SHA256

    b3c188051ccb327c2406c0b2581af1247daff6491c895b8fb5d6d0d2fb19d90c

  • SHA512

    51a65ef11970faa688ffe8feec77d2a287532d86c1ddbafecaa5c7b19a99551d69971cf39c01a67dfe5dbc2d77bae1716af11e0f9156d063cb2afc0346c1e69e

  • SSDEEP

    196608:Z9+zZDxUfiBy1ryr9LSFCZmEZ+1XoYrrFzL:G1xYiBy1rMSFP4+1Xo2pz

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot8183912070:AAGxwq-YWsMb4FtMiN-pnoAFnMm_DdvDrN8/sendMessage?chat_id=7221408397

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      b3c188051ccb327c2406c0b2581af1247daff6491c895b8fb5d6d0d2fb19d90c

    • Size

      12.9MB

    • MD5

      3a4f9aee19211f290c0bd02b445ca11c

    • SHA1

      eca6d9d927ec1d8e15b66b5c4b3a45482f7015b3

    • SHA256

      b3c188051ccb327c2406c0b2581af1247daff6491c895b8fb5d6d0d2fb19d90c

    • SHA512

      51a65ef11970faa688ffe8feec77d2a287532d86c1ddbafecaa5c7b19a99551d69971cf39c01a67dfe5dbc2d77bae1716af11e0f9156d063cb2afc0346c1e69e

    • SSDEEP

      196608:Z9+zZDxUfiBy1ryr9LSFCZmEZ+1XoYrrFzL:G1xYiBy1rMSFP4+1Xo2pz

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks