General
- Target: f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf
- Size: 175KB
- Sample: 250328-x3bedasjz8
- MD5: 336d578e5d215fe13916a8ec71bc7a19
- SHA1: b281feba54892446b613bb6099c2191999b80c29
- SHA256: f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf
- SHA512: 3f3bf17d0634761cdb960a5a93c63e2369094e167d77dc46ccb93fccbf0d7d17e7eaa3df9c92945d135e0f703f41aa0622cd1766ae567ec97e94eadceae52414
- SSDEEP: 3072:3e8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTLwARE+WpCc:v6ewwIwQJ6vKX0c5MlYZ0b2s
Behavioral task: behavioral1
- Sample: f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf.exe
- Resource: win10v2004-20250314-en
Malware Config
Extracted: asyncrat (Default)
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- https://api.telegram.org/bot6563655114:AAGMoN3h49Yz7MCdtzDLZdk2wksrqkuYFXk/sendMessage?chat_id=5527463773
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf
- Asyncrat family
- StormKitty payload
- Stormkitty family
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)