asyncrat | 252b2467ec3c7b98d2cf8202bae33a69d5c89353de9106c6c57af1a9d7e2afc5 | Triage

Submit
Reports

Overview

overview

Static

static

1

a9f4b51b2d...c3.exe

windows7-x64

1

a9f4b51b2d...c3.exe

windows10-2004-x64

Sharing

General

Target

a9a8fc726641597330943a5922886eca.bin
Size

36.6MB
Sample

230319-wtjtqahe63
MD5

a040bc34d85c204fa65300bb118172f9
SHA1

0b31b1e677617d6bd2f2b4aae4dc53fce915e7ae
SHA256

252b2467ec3c7b98d2cf8202bae33a69d5c89353de9106c6c57af1a9d7e2afc5
SHA512

a0d97e22d2e56bb0844b406c76fae009620d939a3365e2eab86d4fb05016182021470436b2770e051e1b6fb01e50ea0f4a0660f515a742a90a304445b9ad06fa
SSDEEP

786432:jY9g6WUfWKgb583uzXo9gUfUZnb2IuGBd2EUXJSYcUJ7BeY2z9gW7fP1C/:M4+gb58MXo9lGniXJBJ7Be39ZfPU/

Score

10^/10

asyncrat stormkitty database rat stealer vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

a9f4b51b2d4d65ba2108893ffa380108325d5829ef6dd0610d42a626195e60c3.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9f4b51b2d4d65ba2108893ffa380108325d5829ef6dd0610d42a626195e60c3.exe

Resource

win10v2004-20230220-en

asyncrat stormkitty database rat stealer vmprotect

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Database

C2

security70.duckdns.org:55085

Mutex

6980692037

Attributes

delay
1
install
true
install_file
snetcfg.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  a9f4b51b2d4d65ba2108893ffa380108325d5829ef6dd0610d42a626195e60c3.bin
- Size
  
  54.5MB
- MD5
  
  a9a8fc726641597330943a5922886eca
- SHA1
  
  91924f6c9ceea1c42f8f953c2fc3fb0224dfe6dc
- SHA256
  
  a9f4b51b2d4d65ba2108893ffa380108325d5829ef6dd0610d42a626195e60c3
- SHA512
  
  362145d6f6680d8782e1a3831a699cd1cfca3d6861dbdd4bd870a9de1d62a1de3e84f35d8d6e6366d91d1ecfb4557d4a93a23bbc1d08730b2735beeb4e6a5e33
- SSDEEP
  
  1572864:j5YSfbEqkAk2YMbj4QYJK5lTyeA6cdb6cypx+uMx:zVkAk2YMbjmeAXUeu
Score

10^/10

asyncrat stormkitty database rat stealer vmprotect
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstormkittydatabaseratstealervmprotect

© 2018-2024

Terms | Privacy