Overview

overview

10

Static

static

10

4c8b95c5f6...43.exe

windows10-2004-x64

10

4c8b95c5f6...43.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c8b95c5f62a6fd10613f0f07eea6d548a1827c39e76a77cee667f9f8a907b43

  • Size

    175KB

  • Sample

    250420-yb5dtaswcs

  • MD5

    e331d9ebc153eccd14e8553d39f91b91

  • SHA1

    7ece98c4c90a6fd363ff69adb79306b82ba221dd

  • SHA256

    4c8b95c5f62a6fd10613f0f07eea6d548a1827c39e76a77cee667f9f8a907b43

  • SHA512

    aed6a40432344065667efb392c0c13f3deed14191c3fed6663d64c650cb6b083bf26b0840e2bd3c824f94a03e5dd34bec5353c7c2a573c716f569e8a290375d6

  • SSDEEP

    3072:Ze8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTsYwARE+WpCc:16ewwIwQJ6vKX0c5MlYZ0b2W

Score
10/10
asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratspywarestealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      4c8b95c5f62a6fd10613f0f07eea6d548a1827c39e76a77cee667f9f8a907b43

    • Size

      175KB

    • MD5

      e331d9ebc153eccd14e8553d39f91b91

    • SHA1

      7ece98c4c90a6fd363ff69adb79306b82ba221dd

    • SHA256

      4c8b95c5f62a6fd10613f0f07eea6d548a1827c39e76a77cee667f9f8a907b43

    • SHA512

      aed6a40432344065667efb392c0c13f3deed14191c3fed6663d64c650cb6b083bf26b0840e2bd3c824f94a03e5dd34bec5353c7c2a573c716f569e8a290375d6

    • SSDEEP

      3072:Ze8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTsYwARE+WpCc:16ewwIwQJ6vKX0c5MlYZ0b2W

    Score
    10/10
    asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Stormkitty family

      stormkitty

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks