General

  • Target

    f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf

  • Size

    175KB

  • Sample

    250328-x3bedasjz8

  • MD5

    336d578e5d215fe13916a8ec71bc7a19

  • SHA1

    b281feba54892446b613bb6099c2191999b80c29

  • SHA256

    f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf

  • SHA512

    3f3bf17d0634761cdb960a5a93c63e2369094e167d77dc46ccb93fccbf0d7d17e7eaa3df9c92945d135e0f703f41aa0622cd1766ae567ec97e94eadceae52414

  • SSDEEP

    3072:3e8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTLwARE+WpCc:v6ewwIwQJ6vKX0c5MlYZ0b2s

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6563655114:AAGMoN3h49Yz7MCdtzDLZdk2wksrqkuYFXk/sendMessage?chat_id=5527463773

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
VIfxfqryUTyZUBGDCBAvbYVYIsexIM7Z
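The three 127.0.0.1 C2 entries above are the stock values of the AsyncRAT builder (hosts 127.0.0.1, ports 6606/7707/8808, mutex AsyncMutex_6SI8OkPnk), so they are placeholders, not attacker infrastructure; the only live channel in this config is the Telegram Bot API URL, and install=false means no copy to %AppData% is expected. The following triage helper is an added example, not code from the sandbox or from the AsyncRAT/StormKitty projects: it classifies each C2 entry, pulls the stable bot_id and chat_id out of the Telegram URL (masking the token secret), and hunts for Bot API calls in proxy logs. The log lines are constructed for illustration and are not from this analysis.

```python
"""Triage helpers for the extracted AsyncRAT config (added example)."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# C2 entries exactly as listed in the extracted config.
C2_ENTRIES = [
    "127.0.0.1:6606",
    "127.0.0.1:7707",
    "127.0.0.1:8808",
    "https://api.telegram.org/bot6563655114:AAGMoN3h49Yz7MCdtzDLZdk2wksrqkuYFXk"
    "/sendMessage?chat_id=5527463773",
]

# Telegram Bot API paths have the form /bot<bot_id>:<secret>/<method>.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[\w-]+)/(?P<method>\w+)$")


def classify_c2(entry: str) -> dict:
    """Describe one C2 entry so an analyst can see what is actually actionable."""
    if "://" in entry:
        url = urlsplit(entry)
        m = _BOT_PATH.match(url.path)
        if url.hostname == "api.telegram.org" and m:
            chat_id = parse_qs(url.query).get("chat_id", [None])[0]
            return {
                "kind": "telegram_bot",
                "bot_id": m["bot_id"],    # stable identifier of the attacker's bot
                "method": m["method"],
                "chat_id": chat_id,       # destination account/channel for stolen data
                # Never carry the full bot token into tickets or logs.
                "token_masked": f"{m['bot_id']}:{m['secret'][:4]}...",
            }
        return {"kind": "url", "host": url.hostname}
    host, _, port = entry.rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return {"kind": "domain", "host": host, "port": int(port)}
    if ip.is_loopback:
        kind = "loopback_placeholder"  # builder default, not real infrastructure
    elif ip.is_private:
        kind = "private_ip"
    else:
        kind = "public_ip"
    return {"kind": kind, "host": host, "port": int(port)}


def split_indicators(entries):
    """Return (actionable, placeholders); loopback hosts are never network IOCs."""
    actionable, placeholders = [], []
    for entry in entries:
        info = classify_c2(entry)
        (placeholders if info["kind"] == "loopback_placeholder" else actionable).append(info)
    return actionable, placeholders


# Constructed proxy-log lines (hypothetical, not from the sandbox run):
# "<timestamp> <client_ip> <http_method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2025-03-28T10:02:11Z 10.0.0.15 GET https://api.ipify.org/ 200
2025-03-28T10:02:12Z 10.0.0.15 POST https://api.telegram.org/bot6563655114:AAGMoN3h49Yz7MCdtzDLZdk2wksrqkuYFXk/sendMessage?chat_id=5527463773 200
2025-03-28T10:05:40Z 10.0.0.22 POST https://api.telegram.org/bot1111111111:AAAAsomeOtherBot/sendMessage?chat_id=42 200
2025-03-28T10:06:02Z 10.0.0.15 GET https://update.example.net/check 304
"""


def hunt_telegram_exfil(log_text: str, known_bot_ids=None) -> list:
    """Flag every Telegram Bot API call in the log; mark bot_ids from the config."""
    known = set(known_bot_ids or ())
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, _http_method, url, _status = parts[:5]
        info = classify_c2(url)
        if info["kind"] != "telegram_bot":
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "bot_id": info["bot_id"],
            "chat_id": info["chat_id"],
            "api_method": info["method"],
            "verdict": "config_match" if info["bot_id"] in known else "unknown_bot",
        })
    return hits


if __name__ == "__main__":
    actionable, placeholders = split_indicators(C2_ENTRIES)
    print(f"{len(placeholders)} placeholder C2 entries ignored")
    bot_ids = [i["bot_id"] for i in actionable if i["kind"] == "telegram_bot"]
    for hit in hunt_telegram_exfil(SAMPLE_PROXY_LOG, bot_ids):
        print(hit)
```

The path-based match only works where TLS is inspected; without decryption, DNS and SNI show just api.telegram.org, so the bot_id and chat_id should be fed to whatever system sees full URLs (proxy, EDR network telemetry) and the mutex name used for host-side hunting.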

Targets

    • Target

      f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf

    • Size

      175KB

    • MD5

      336d578e5d215fe13916a8ec71bc7a19

    • SHA1

      b281feba54892446b613bb6099c2191999b80c29

    • SHA256

      f461f10719e639c5a727089906dda7e09e72abd964d4e99c37cf7278433d2ecf

    • SHA512

      3f3bf17d0634761cdb960a5a93c63e2369094e167d77dc46ccb93fccbf0d7d17e7eaa3df9c92945d135e0f703f41aa0622cd1766ae567ec97e94eadceae52414

    • SSDEEP

      3072:3e8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTLwARE+WpCc:v6ewwIwQJ6vKX0c5MlYZ0b2s

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15
