asyncrat

General

Target

92b485e82500b6827cbbaabfcbb08b16.bin
Size

15.7MB
Sample

230225-bxkj7sbf63
MD5

59e66bcd23f787972a4d925246b84847
SHA1

969e496348792c86137fbbd8d3d2e494782e2ddc
SHA256

c831874ac99fed3cc029300dd00283cc542f57395a69d4829dfbc6f415e4e597
SHA512

f5254199ecdd54f02eddfca59874876e3f952dbc505fb3f7c98b7781fb91e150622602eaa07258d3d17ddbe2e7aa783205e4bb4a6c1da83ad04e823434cc37cf
SSDEEP

393216:zOnxBn/CG/T1Ogfw8DZqfl6D4oCKj3KG+LqQeh1y8Sz1:zWBn/Ci1lM6UohmG+Co5z1

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6196076192:AAF99zylbr46S6zR2M6Fbv7gE0eAuYfzRmg/sendMessage?chat_id=927024838

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2f0bb4d74005cf2460f4e5f0ef95390ef017fd154b00ada7492b266ca589ba3e.exe
- Size
  
  16.1MB
- MD5
  
  92b485e82500b6827cbbaabfcbb08b16
- SHA1
  
  37577934002e1f8b2d05cee98de8f672e4b64b34
- SHA256
  
  2f0bb4d74005cf2460f4e5f0ef95390ef017fd154b00ada7492b266ca589ba3e
- SHA512
  
  2648653d8482d72e9030739228d15627d5eec3b20f0011238052188e910aff04020ab5838a6295683b5da1c3ed11ecd48cb2cedddda1701afc7a36ef1f305942
- SSDEEP
  
  393216:gu7L/1edQ2l6+9Joaw2N+mzW83OmwGJLaX4FcYq:gCLdedQm9Jq2NZW833Vc
Score

10^/10

asyncrat stormkitty default pyinstaller rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2