General

  • Target

    e34a439d932f0e6a336d45d406aac1445d7ae4b8d227a101a887a8f53538d132

  • Size

    141KB

  • Sample

    230807-cxt93sed5z

  • MD5

    b672f60baad1589079450aa5549dcea3

  • SHA1

    dd798979d475d6d530869fa40608c4eb18b1bd9d

  • SHA256

    e34a439d932f0e6a336d45d406aac1445d7ae4b8d227a101a887a8f53538d132

  • SHA512

    1dcee85370b5896f31f4f964494daa62e266f8f15765cca1b3109e69bab288dbae0cc2a4b063094c9f8e28b021f406b673c203821476d0427cf9b1875c630901

  • SSDEEP

    3072:V2iV5NZHXkIiwD8TW8oaqmJzJKoLC5AeOeYiFiP9njsP323MrN/Jl9:V3ZDD85oaqmJzDbCPFW9h8xJl

Malware Config

Extracted

Family

asyncrat

Version

CYB3R R4T 1.0.7

Botnet

Default

C2

166.88.209.145:1337

Mutex

Cyb3r_R4tMutex_Cyb3rw4rrior

Attributes

  • delay

    1

  • install

    true

  • install_file

    WINSERVICE.exe

  • install_folder

    %AppData%

  • aes.plain

Targets

    • Target

      e34a439d932f0e6a336d45d406aac1445d7ae4b8d227a101a887a8f53538d132

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks