asyncrat | d4f606975c5dc4f91da1fef083b268f5d838f8c3ddfe7d27d48d6c3becee2c71 | Triage

Submit
Reports

Overview

overview

Static

static

1

MiniMailVi....0.exe

windows7-x64

MiniMailVi....0.exe

windows10-2004-x64

Sharing

General

Target

MiniMailViewer_v_1.0.rar
Size

12.5MB
Sample

230330-qs9qvsch25
MD5

bb9a79ed7a541d4089aeb8b05c7ab3a9
SHA1

9cd02770f9f0c8043a71f1e9925a99d2b93eec35
SHA256

d4f606975c5dc4f91da1fef083b268f5d838f8c3ddfe7d27d48d6c3becee2c71
SHA512

24577491816ca0dbd02cd462bab28fbbe9d3627414b8025eabb03b53d581f6ce4e6d7d1650c9b85efe155b314886d00b3df0f2c2d1426ef98a18133924a230f0
SSDEEP

196608:2Ih3mUnPwL/pYH11ve3hR7eOet0KhqEAIwHYalwQWx6ouNZJawvrDtGiF+8o/p:KYKCve3hR7eOet0KwQwHYRDsouu4UYs

Score

10^/10

asyncrat stormkitty default rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

MiniMailViewer v 1.0.exe

Resource

win7-20230220-en

asyncrat stormkitty default rat spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

MiniMailViewer v 1.0.exe

Resource

win10v2004-20230221-en

asyncrat stormkitty default rat spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6147793322:AAHTVudVUVXc92ziWPx0CDEkR5vaWKQBP5Q/sendMessage?chat_id=951752454

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  MiniMailViewer v 1.0.exe
- Size
  
  3.4MB
- MD5
  
  6fa7ea166a499f9d827b54d4a5fd6de3
- SHA1
  
  d00598a9b75168f2b25e571402a2bee97a10d35d
- SHA256
  
  8eb2bbe1b331f25452e434b4a1c4ebb3b5d77211a37caf73ad8ac8979c519a1e
- SHA512
  
  119d6af71d971d8803b42467e4660e2c32c64e762be8872b2d805bc2f33ca8105f605b8ef6863bda2f40b7d3a65f1683e275e88ed0e6b4f270458b7bb4cc8a2b
- SSDEEP
  
  49152:cttUzzug6iXrB++PnumKOATnAp34nDuI+ofqlRjmqKHkd0MKtcPKXVZOutbP:cttUzag6i7amVATznD9vSvsEdbKiSXn
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratstormkittydefaultratspywarestealer

behavioral2

asyncratstormkittydefaultratspywarestealer

© 2018-2024

Terms | Privacy