General
-
Target
b043bef51c2f9238beca4bfdc9d083818b88e6ccb5c1cb1e378e9e925424d19a
-
Size
6.1MB
-
Sample
250324-xvkm3st1ez
-
MD5
26b9984e696c74cb507978ae1661f99e
-
SHA1
f5a44cb2c721ac961f973fe221af7e207163d852
-
SHA256
b043bef51c2f9238beca4bfdc9d083818b88e6ccb5c1cb1e378e9e925424d19a
-
SHA512
2acdfcbb8e4de199aad736b7f66b2ca4d45d5798ce172448308ad0c7772338b235c7fbc11bd16a86b7bcea6a05d6e16e04a2b54fc2a95ccc822fce850db87e80
-
SSDEEP
196608:KhsKyAF9VMoJsFrOuXE/SgDm8xvE170SNEX:ZKjz7LDrBE75a
Behavioral task
behavioral1
Sample
ATT/Checker ATT HQ V1.0.1 fixed login cracked.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
ATT/Checker ATT HQ V1.0.1 fixed login cracked.exe
Resource
win10v2004-20250314-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot8183912070:AAGxwq-YWsMb4FtMiN-pnoAFnMm_DdvDrN8/sendMessage?chat_id=7221408397
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
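The config block above is what a responder actually works from, so as an added example (not part of this report and not the sandbox vendor's tooling) here is a small parser that turns the flattened AsyncRAT config into hunting artifacts. The input string is copied from the Malware Config block above; the dict field names, the regexes and the loopback check are this example's own assumptions about the layout (family, an unlabelled tag, C2 host:port lines, the exfil URL, the mutex, then "-"-separated key/value pairs).

```python
"""Parse the AsyncRAT config shown in the report into hunting artifacts.

Layout assumed (example's own reading of the report): a positional block
(family, tag, C2 host:port lines, exfil URL, mutex) followed by "-"-separated
key/value pairs. Dict keys below are this example's choice, not report fields.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Copied from the report's Malware Config block above.
REPORT_CONFIG = """asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot8183912070:AAGxwq-YWsMb4FtMiN-pnoAFnMm_DdvDrN8/sendMessage?chat_id=7221408397
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
"""

HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")
# Telegram Bot API path: /bot<id>:<secret>/<method>
TG_PATH = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_\-]+)/(?P<method>[A-Za-z]+)$")


def _coerce(value):
    """Turn 'false'/'true' and digit strings into Python values."""
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    return int(value) if value.isdigit() else value


def parse_telegram_url(url):
    """Split a Telegram Bot API URL into host, bot token, method and chat_id."""
    parts = urlsplit(url)
    m = TG_PATH.match(parts.path)
    if parts.netloc != "api.telegram.org" or not m:
        return None
    return {"host": parts.netloc, "token": m["token"], "method": m["method"],
            "chat_id": parse_qs(parts.query).get("chat_id", [None])[0]}


def parse_asyncrat_config(text):
    """Return family, tags, C2 list, exfil channel, mutex and options."""
    cfg = {"family": None, "tags": [], "c2": [], "exfil": None,
           "mutex": None, "options": {}}
    groups = [g.strip().splitlines() for g in text.strip().split("\n-\n")]
    for line in groups[0]:                      # positional block
        line = line.strip()
        hp = HOST_PORT.match(line)
        if cfg["family"] is None:
            cfg["family"] = line
        elif hp:
            cfg["c2"].append((hp["host"], int(hp["port"])))
        elif line.startswith(("http://", "https://")):
            cfg["exfil"] = parse_telegram_url(line) or {"url": line}
        elif line.startswith("AsyncMutex_"):
            cfg["mutex"] = line
        else:
            cfg["tags"].append(line)            # e.g. the "Default" group tag
    for group in groups[1:]:                    # key/value pairs
        if len(group) == 2:
            cfg["options"][group[0].strip()] = _coerce(group[1].strip())
    return cfg


def is_loopback(host):
    """True for 127.0.0.0/8 or ::1; hostnames are treated as routable."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def hunting_notes(cfg):
    """Derive blocking/alerting actions from the parsed config."""
    notes = []
    routable = [f"{h}:{p}" for h, p in cfg["c2"] if not is_loopback(h)]
    if cfg["c2"] and not routable:
        notes.append("all C2 endpoints are loopback: the RAT client cannot beacon off-host as built")
    notes.extend(f"block/alert on outbound TCP to {ep}" for ep in routable)
    if cfg["exfil"] and "token" in cfg["exfil"]:
        notes.append(f"Telegram exfil via {cfg['exfil']['host']} to chat_id "
                     f"{cfg['exfil']['chat_id']}; bot token {cfg['exfil']['token']}")
    if cfg["mutex"]:
        notes.append(f"mutex {cfg['mutex']} marks a running instance")
    if cfg["options"].get("install") is False:
        notes.append("install=false: the client's self-copy/install routine is disabled, "
                     "so install_folder is unused in this build")
    return notes


if __name__ == "__main__":
    for note in hunting_notes(parse_asyncrat_config(REPORT_CONFIG)):
        print("-", note)
```

Reading the result the way a responder would: every AsyncRAT C2 entry is loopback, so the RAT half of this build has no working command channel, and the live exfil path is the Telegram bot URL (StormKitty-style) rather than a custom TCP beacon. That shifts detection from the C2 ports to egress to api.telegram.org from endpoints, plus the mutex as a host-based marker.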
Targets
-
-
Target
ATT/Checker ATT HQ V1.0.1 fixed login cracked.exe
-
Size
12.9MB
-
MD5
3a4f9aee19211f290c0bd02b445ca11c
-
SHA1
eca6d9d927ec1d8e15b66b5c4b3a45482f7015b3
-
SHA256
b3c188051ccb327c2406c0b2581af1247daff6491c895b8fb5d6d0d2fb19d90c
-
SHA512
51a65ef11970faa688ffe8feec77d2a287532d86c1ddbafecaa5c7b19a99551d69971cf39c01a67dfe5dbc2d77bae1716af11e0f9156d063cb2afc0346c1e69e
-
SSDEEP
196608:Z9+zZDxUfiBy1ryr9LSFCZmEZ+1XoYrrFzL:G1xYiBy1rMSFP4+1Xo2pz
-
Asyncrat family
-
StormKitty payload
-
Stormkitty family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution (1): Netsh Helper DLL (1)
Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
Event Triggered Execution (1): Netsh Helper DLL (1)
Scheduled Task/Job (1): Scheduled Task (1)
Credential Access
Credentials from Password Stores (1): Credentials from Web Browsers (1)
Unsecured Credentials (1): Credentials In Files (1)