asyncrat | 2f0bb4d74005cf2460f4e5f0ef95390ef017fd154b00ada7492b266ca589ba3e | Triage

Submit
Reports

Overview

overview

Static

static

Crunchyrol....3.exe

windows7-x64

Crunchyrol....3.exe

windows10-2004-x64

Sharing

General

Target

Crunchyroll [CHECKER 2023] V1.3.exe
Size

16.1MB
Sample

230223-tlsesaac7z
MD5

92b485e82500b6827cbbaabfcbb08b16
SHA1

37577934002e1f8b2d05cee98de8f672e4b64b34
SHA256

2f0bb4d74005cf2460f4e5f0ef95390ef017fd154b00ada7492b266ca589ba3e
SHA512

2648653d8482d72e9030739228d15627d5eec3b20f0011238052188e910aff04020ab5838a6295683b5da1c3ed11ecd48cb2cedddda1701afc7a36ef1f305942
SSDEEP

393216:gu7L/1edQ2l6+9Joaw2N+mzW83OmwGJLaX4FcYq:gCLdedQm9Jq2NZW833Vc

Score

10^/10

asyncrat stormkitty default pyinstaller rat spyware stealer

Static task

static1

rat pyinstaller asyncrat stormkitty

5 signatures

Behavioral task

behavioral1

Sample

Crunchyroll [CHECKER 2023] V1.3.exe

Resource

win7-20230220-en

asyncrat stormkitty default pyinstaller rat spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Crunchyroll [CHECKER 2023] V1.3.exe

Resource

win10v2004-20230220-en

asyncrat stormkitty default pyinstaller rat spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6196076192:AAF99zylbr46S6zR2M6Fbv7gE0eAuYfzRmg/sendMessage?chat_id=927024838

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Crunchyroll [CHECKER 2023] V1.3.exe
- Size
  
  16.1MB
- MD5
  
  92b485e82500b6827cbbaabfcbb08b16
- SHA1
  
  37577934002e1f8b2d05cee98de8f672e4b64b34
- SHA256
  
  2f0bb4d74005cf2460f4e5f0ef95390ef017fd154b00ada7492b266ca589ba3e
- SHA512
  
  2648653d8482d72e9030739228d15627d5eec3b20f0011238052188e910aff04020ab5838a6295683b5da1c3ed11ecd48cb2cedddda1701afc7a36ef1f305942
- SSDEEP
  
  393216:gu7L/1edQ2l6+9Joaw2N+mzW83OmwGJLaX4FcYq:gCLdedQm9Jq2NZW833Vc
Score

10^/10

asyncrat stormkitty default pyinstaller rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

ratpyinstallerasyncratstormkitty

behavioral1

asyncratstormkittydefaultpyinstallerratspywarestealer

behavioral2

asyncratstormkittydefaultpyinstallerratspywarestealer

© 2018-2024

Terms | Privacy