asyncrat | b77a024602ae648ad80a3fd49f08a26b99c377b81b189b60f474437ab13205b4 | Triage

Submit
Reports

Overview

overview

Static

static

98bb7310f4...c0.exe

windows7-x64

98bb7310f4...c0.exe

windows10-2004-x64

Resubmissions

09-01-2023 12:41

230109-pwzjmahf3z 10

09-01-2023 12:31

230109-pp2qeahe91 10

Sharing

General

Target

98bb7310f473f8151d19643afb9142c0.exe
Size

915KB
Sample

230109-pp2qeahe91
MD5

98bb7310f473f8151d19643afb9142c0
SHA1

470d392167d337c8c64f02298f8c47f11385c188
SHA256

b77a024602ae648ad80a3fd49f08a26b99c377b81b189b60f474437ab13205b4
SHA512

0ba43ae3b0727738c959a57db161724957e1ac0e05dddcf5e97de65565472689a5d73c682be1117b3b8bb58b1f1f191703fe2c536f344c4c7a304816f70660fa
SSDEEP

12288:aY60OiHviUznMCR0O0JMRZe+3gyJ+s7RYdWbNo5EET9G/Sau4qQQi5W13mWNVALF:aWZPRPZrbZq9u014

Score

10^/10

asyncrat stormkitty venom clients evasion persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

98bb7310f473f8151d19643afb9142c0.exe

Resource

win7-20221111-en

asyncrat stormkitty venom clients evasion persistence rat stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

98bb7310f473f8151d19643afb9142c0.exe

Resource

win10v2004-20220812-en

asyncrat venom clients evasion persistence rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT+HVNC+Stealer Version:5.0.9

Botnet

Venom Clients

C2

185.132.176.192:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  98bb7310f473f8151d19643afb9142c0.exe
- Size
  
  915KB
- MD5
  
  98bb7310f473f8151d19643afb9142c0
- SHA1
  
  470d392167d337c8c64f02298f8c47f11385c188
- SHA256
  
  b77a024602ae648ad80a3fd49f08a26b99c377b81b189b60f474437ab13205b4
- SHA512
  
  0ba43ae3b0727738c959a57db161724957e1ac0e05dddcf5e97de65565472689a5d73c682be1117b3b8bb58b1f1f191703fe2c536f344c4c7a304816f70660fa
- SSDEEP
  
  12288:aY60OiHviUznMCR0O0JMRZe+3gyJ+s7RYdWbNo5EET9G/Sau4qQQi5W13mWNVALF:aWZPRPZrbZq9u014
Score

10^/10

asyncrat stormkitty venom clients evasion persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratstormkittyvenom clientsevasionpersistenceratstealer

behavioral2

asyncratvenom clientsevasionpersistencerat

© 2018-2024

Terms | Privacy