asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

Redline Stealer v24.2 cracked [XT_CH].rar
Size

21.8MB
Sample

230424-y8vkwagb5t
MD5

64699e499ebd8ed101b0566e4d2aeec3
SHA1

ab17ac5da9b6b51a0e83bc1c71bc807ff8e2bfa3
SHA256

f414e4465043ddc7e7d558b341d2fefaf62a379d8107c7bc7b39a3d3f4c55b56
SHA512

2afbe5af840383fcc4ab7ce3b8ee25023b4f2074bcf6b68890fbeeca52553f7c3e0411cbecd2a7748389f7202c167cea4022b6ff551626a552f05e7942e1ef8e
SSDEEP

393216:4MVV0yWlp/sEvKWVm68FV3rOBZybyWKXzR8+5Vtck00:4U0yWb/sEvKWVm6k3rOBEmWkm1K

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6093966625:AAHk4dddHb8B1faCcFqL3um1gmB-f2mWhyc/sendMessage?chat_id=5529838804

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

pandastealer

Version

��H

http://�H

Extracted

Family

pandastealer

Version

1.11

http://thisisgenk.temp.swtest.ru

Extracted

Family

pandastealer

Version

�

http://�

Targets

- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Kurome.Builder v24.2.exe
- Size
  
  170KB
- MD5
  
  470a8267b5eba7eb998d9fa69532f849
- SHA1
  
  1152ddb2ab93aae9983e3e8b5c4f367875323e3e
- SHA256
  
  6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e
- SHA512
  
  5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d
- SSDEEP
  
  3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Kurome.Builder_crack.exe
- Size
  
  13.4MB
- MD5
  
  ef176d75dff0768b2277cf9b4b7bf443
- SHA1
  
  c981e9ba720366c3167cc92584bc7e86fe114d69
- SHA256
  
  8d9bef7ae2d1334f6bdf7d7db3ee34da759c23f76c1623930425345787437e4c
- SHA512
  
  67200dbb3dccb5207491b542059d236a9f1ab2d644151a3e3ba4c873636fb4ea564fabb8bdecbbdad677e0420d3d9e2b5057985c8d7162ffd5958f421893d9fb
- SSDEEP
  
  393216:qm4pYqfmQvJzX0KIBJfrQaVjgF1vlKdV6/zEC55891:qxpYqfmYzAVjgF1vl+ud5U1
Score

10^/10

pandastealer stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/stub.dll
- Size
  
  96KB
- MD5
  
  625ed01fd1f2dc43b3c2492956fddc68
- SHA1
  
  48461ef33711d0080d7c520f79a0ec540bda6254
- SHA256
  
  6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b
- SHA512
  
  1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665
- SSDEEP
  
  1536:9G6ijoigzKqO1RUTBHQsu/0igR4vYVVlmbfaxv0ujXyyedOn4iwEEl:BSElHQ/ORUYos0ujyzdZl
Score

10^/10

redline sectoprat infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
behavioral3
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Host/Kurome.Host.exe
- Size
  
  1.4MB
- MD5
  
  b141f114ecbfd918e995d5b40cc4309a
- SHA1
  
  403ed39ba990caf4fc82672257875e58ed3a9c3f
- SHA256
  
  c11a53f5cdd9d41b754e8cdb8132b7c13f224359302dbb8a4bd9502271feafbe
- SHA512
  
  9f2fcef0f8d330d3d7615e642b351bb53da4679df64ee6cc937dd50cdbb318afecca2b56ad2b2a93a9cd6ae41d8e3dfcbc5f876c83f88ec13bc9cef49448315b
- SSDEEP
  
  24576:loJEKZ6IEGTMxapRl2PSwHTehy6BP+pXShToJEKZ6IEGTMxapRl2PSwHTehy6BPk:louKZ6iMqRl2PSwzehy6cpXShTouKZ6x
Score

10^/10

pandastealer spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral4
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/._cache_Kurome Loader 20.2.exe
- Size
  
  170KB
- MD5
  
  470a8267b5eba7eb998d9fa69532f849
- SHA1
  
  1152ddb2ab93aae9983e3e8b5c4f367875323e3e
- SHA256
  
  6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e
- SHA512
  
  5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d
- SSDEEP
  
  3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral5
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/._cache_KuromeLoader.exe.exe
- Size
  
  2.2MB
- MD5
  
  c1bf694a0aab442c2b3d40ec4f56ace5
- SHA1
  
  2ea6ef48ac190a26a738e22ad454b91fc58d3218
- SHA256
  
  00ae4b11e9757721ff825a6d84e0afefb810ce0e062c836503ca14141ca31a39
- SHA512
  
  d8386440e89c1ae538f53bb5a9ee4d8030b6067eb1c6d18fadd118e88d506e11343c0f3cd58bc2636739ade87aef821e2513f0aa8a760bd9787a07a49a48c610
- SSDEEP
  
  49152:rnsHyjtk2MYC5GDeCouKZ6iMqRl2PSwzehy6cpXShTouKZ6iMqRl2PSwzehy6cpu:rnsmtk2a9UzehkUzehz
Score

10^/10

asyncrat pandastealer stormkitty rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
behavioral6
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/Kurome Loader 24.2.exe
- Size
  
  923KB
- MD5
  
  ad5e1454eb96c012755dcab90cfd69cf
- SHA1
  
  17f93458b223542eed1c269d9c64b8c39341b1cd
- SHA256
  
  726725262283f68ec3e3f62d13863c7df9b08f54e19c28603407d98631468494
- SHA512
  
  1f503e6619ff5cd87838b4618400ae54c24d5f618813cfd8ce7ecdd53f25d74186dda096a1a2ab49848184e22137c05de0fbf010a0ccc9adcc5b58e727da1d46
- SSDEEP
  
  12288:0MSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Z0N6qsUwXPDgj:0nsJ39LyjbJkQFMhmC+6GD9UaE
Score

10^/10

asyncrat stormkitty default persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral7
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/Kurome.Loader_crack.exe
- Size
  
  1.4MB
- MD5
  
  caeeb7b39d19fb9ae4209d5b82580454
- SHA1
  
  5e8e38685c130250b1e6a132302549be4e1a1952
- SHA256
  
  d94103367cd58a86f60f0f1560084fb30e3fe137f03eb8a49adf600d31dfacf5
- SHA512
  
  6093ea192a677d7632b0f716dcf7a051e1f055334deb9d56acb4f921d08eadfa79ef58477400328a9e3ee6e64043d15c658c4b335cc2f9b6f91a44ce8dd4b46c
- SSDEEP
  
  24576:/oJEKZ6IEGTMxapRl2PSwHTehy6BP+pXShToJEKZ6IEGTMxapRl2PSwHTehy6BPF:/ouKZ6iMqRl2PSwzehy6cpXShTouKZ6E
Score

10^/10

pandastealer spyware stealer
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral8
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/._cache_Panel 20.2.exe
- Size
  
  170KB
- MD5
  
  470a8267b5eba7eb998d9fa69532f849
- SHA1
  
  1152ddb2ab93aae9983e3e8b5c4f367875323e3e
- SHA256
  
  6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e
- SHA512
  
  5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d
- SSDEEP
  
  3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral9
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/._cache_Panel.exe
- Size
  
  1.1MB
- MD5
  
  9484745bead43302d149113d418a3437
- SHA1
  
  f28cdeb7daefa5be6d324a6c99cbb07a00f1b174
- SHA256
  
  95b632d09117daa3bd75c70db03a128e222b7e78e0415d4a5ddb1f8664320e32
- SHA512
  
  e07b57f95e7794dea137bb4d1517ccbf68c7327941096522f5d5bf5962e340f0a3d0431351c13fa8606e8c48532dcbdf31be364581287edc1ce9dfe4abdae449
- SSDEEP
  
  12288:BMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9aN6qsUwXPDt4IN6qsUwXY:BnsJ39LyjbJkQFMhmC+6GD9YaJFawJ
Score

10^/10

asyncrat stormkitty rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
behavioral10
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/Panel 24.2.exe
- Size
  
  923KB
- MD5
  
  ad5e1454eb96c012755dcab90cfd69cf
- SHA1
  
  17f93458b223542eed1c269d9c64b8c39341b1cd
- SHA256
  
  726725262283f68ec3e3f62d13863c7df9b08f54e19c28603407d98631468494
- SHA512
  
  1f503e6619ff5cd87838b4618400ae54c24d5f618813cfd8ce7ecdd53f25d74186dda096a1a2ab49848184e22137c05de0fbf010a0ccc9adcc5b58e727da1d46
- SSDEEP
  
  12288:0MSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Z0N6qsUwXPDgj:0nsJ39LyjbJkQFMhmC+6GD9UaE
Score

10^/10

asyncrat stormkitty default persistence rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral11
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/Panel_crack.exe
- Size
  
  276KB
- MD5
  
  e1633061ed1f482f6beef10963a3cbbc
- SHA1
  
  d6b0cda0ed1965190704f5b865bd968c51bd6acc
- SHA256
  
  b14063638be7f779b3d4be67f2c3c7529b4324d276f802c440cde259e2121183
- SHA512
  
  c5063ca55272dd78c0c137083e987052670ab2091d797ec864a217822f25788600b629cdbb9a6e32053aede7c97202983b65bf7a528b6746585885779b742b4d
- SSDEEP
  
  6144:5SncRlJ8XN6W8mmdUwXPSi9b2c3lSncRl:44IN6qsUwXPDs4
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral12
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Tools/Chrome.exe
- Size
  
  1.1MB
- MD5
  
  92cfeb7c07906eac0d4220b8a1ed65b1
- SHA1
  
  882b83e903b5b4c7c75f0b1dc31bb7aa8938d8fa
- SHA256
  
  38b827a431b89da0d9cdd444373364371f4f6e6bf299e7935f05b2351ca9186c
- SHA512
  
  e2ee932f5b81403935a977f9d3c8e2e4f6a4c9a1967b7e1cf61229a7746a24aae486ac6b779fb570f1dff02a3ff30107044f0427ce46474b91d788c78c8fcfbf
- SSDEEP
  
  24576:q6JGMnMpfVArKlhbP6GFibQC1QSvKZHHf1FqbI4Cn:47/MPGFibsSipHubPa
Score

8^/10

persistence
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
behavioral13
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Tools/NetFramework48.exe
- Size
  
  1.4MB
- MD5
  
  86482f2f623a52b8344b00968adc7b43
- SHA1
  
  755349ecd6a478fe010e466b29911d2388f6ce94
- SHA256
  
  2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57
- SHA512
  
  64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d
- SSDEEP
  
  24576:MGHL3siy9J0/SmtLvUDSRbm4Jah1rVxL+iTOhYdeM+GkdnddMF2ScVC3oKNVpNXo:RL3s7mKeTUDBzrVxxOhYdeMinddG2lCK
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral14
- Target
  
  Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Tools/WinRar.exe
- Size
  
  3.2MB
- MD5
  
  b66dec691784f00061bc43e62030c343
- SHA1
  
  779d947d41efafc2995878e56e213411de8fb4cf
- SHA256
  
  26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
- SHA512
  
  6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
- SSDEEP
  
  98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8
Score

1^/10
behavioral15

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

StormKitty

StormKitty payload

Async RAT payload

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Panda Stealer payload

PandaStealer

Checks computer location settings

Executes dropped EXE

Looks up external IP address via web service

RedLine

RedLine payload

SectopRAT

SectopRAT payload

Panda Stealer payload

PandaStealer

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

AsyncRat

StormKitty

StormKitty payload

Async RAT payload

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Looks up external IP address via web service

Looks up geolocation information via web service

AsyncRat

Panda Stealer payload

PandaStealer

StormKitty

StormKitty payload

Async RAT payload

AsyncRat

StormKitty

StormKitty payload

Async RAT payload

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops desktop.ini file(s)

Panda Stealer payload

PandaStealer

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

AsyncRat

StormKitty

StormKitty payload

Async RAT payload

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Looks up external IP address via web service

Looks up geolocation information via web service

AsyncRat

StormKitty

StormKitty payload

Async RAT payload

AsyncRat

StormKitty

StormKitty payload

Async RAT payload

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Drops desktop.ini file(s)

AsyncRat

StormKitty

StormKitty payload

Async RAT payload