asyncrat | dae7770b57f5f210c7bfcc8056ce466496fb9530c134663ac11f9d98e03af889 | Triage

Submit
Reports

Overview

overview

Static

static

TM.exe

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

TM.exe
Size

175KB
Sample

230525-t4n53sbh8y
MD5

4f52dae15e37c52c33d49702e3cba0ef
SHA1

e80df93bcaa8f2f4629c8934919814949a525270
SHA256

dae7770b57f5f210c7bfcc8056ce466496fb9530c134663ac11f9d98e03af889
SHA512

6a4080b33e405d65b99f167c91992b079bfbc61a4347bc99c7abd7bd1cf8e6d12503d94697a2096d22643996b5b9ae1e4b2a4dccb93ef1d0cc538d7236a7c3b0
SSDEEP

3072:7e8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTKwAqE+Wpor:mXtb5KcXr7XmfgqtjhAxZ0b2j

Score

10^/10

asyncrat stormkitty default rat spyware stealer

Static task

static1

rat default asyncrat stormkitty

5 signatures

Behavioral task

behavioral1

Sample

TM.exe

Resource

win10-20230220-en

asyncrat stormkitty default rat spyware stealer

windows10-1703-x64

12 signatures

1800 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6178725122:AAEGN1XZdL_rGbko9WTpxHNIJyebVBPQfq0/sendMessage?chat_id=944554218

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  TM.exe
- Size
  
  175KB
- MD5
  
  4f52dae15e37c52c33d49702e3cba0ef
- SHA1
  
  e80df93bcaa8f2f4629c8934919814949a525270
- SHA256
  
  dae7770b57f5f210c7bfcc8056ce466496fb9530c134663ac11f9d98e03af889
- SHA512
  
  6a4080b33e405d65b99f167c91992b079bfbc61a4347bc99c7abd7bd1cf8e6d12503d94697a2096d22643996b5b9ae1e4b2a4dccb93ef1d0cc538d7236a7c3b0
- SSDEEP
  
  3072:7e8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTKwAqE+Wpor:mXtb5KcXr7XmfgqtjhAxZ0b2j
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncratstormkitty

behavioral1

asyncratstormkittydefaultratspywarestealer

© 2018-2025

Terms | Privacy