asyncrat | 9f24c318ca0ba27a2bfb9294b126273817befcf53eff93bcef2024a554bb2775 | Triage

Submit
Reports

Overview

overview

Static

static

ALL PC GAME HACK.exe

windows7-x64

ALL PC GAME HACK.exe

windows10-1703-x64

ALL PC GAME HACK.exe

windows10-2004-x64

ALL PC GAME HACK.exe

windows11-21h2-x64

Sharing

General

Target

ALL PC GAME HACK.exe
Size

170KB
Sample

231207-145ldshc6y
MD5

338b9b7d7bd920ad7f4037f6e5e28354
SHA1

954850a55b45734e081ba042a80091ef8a8a736b
SHA256

9f24c318ca0ba27a2bfb9294b126273817befcf53eff93bcef2024a554bb2775
SHA512

3973e61c65b1b5ae2460f69bd3e5c18167f6f9d96463f1cd60801f15a62a143ecdc5e572270af397e9070594d6552559259daf8d36f7fffeb49a13427280b013
SSDEEP

3072:r3ST4aYp5zZb2faAaVZUwq4LTTSiSNqIPuMi9bxJ2cmty+Wpx:baozZQ7aVOQTSFNXPji9bf

Score

10^/10

asyncrat stormkitty default rat spyware stealer

Static task

static1

rat default asyncrat stormkitty

5 signatures

Behavioral task

behavioral1

Sample

ALL PC GAME HACK.exe

Resource

win7-20231129-en

asyncrat stormkitty default rat spyware stealer

windows7-x64

13 signatures

1800 seconds

Behavioral task

behavioral2

Sample

ALL PC GAME HACK.exe

Resource

win10-20231020-en

asyncrat stormkitty default rat spyware stealer

windows10-1703-x64

12 signatures

1800 seconds

Behavioral task

behavioral3

Sample

ALL PC GAME HACK.exe

Resource

win10v2004-20231127-en

asyncrat stormkitty default rat spyware stealer

windows10-2004-x64

12 signatures

1800 seconds

Behavioral task

behavioral4

Sample

ALL PC GAME HACK.exe

Resource

win11-20231129-en

asyncrat stormkitty default rat spyware stealer

windows11-21h2-x64

12 signatures

1800 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6428436791:AAHUeqTcF4RyQiYJbx3HCWyLufD99p-06s0/sendMessage?chat_id=6119438547

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ALL PC GAME HACK.exe
- Size
  
  170KB
- MD5
  
  338b9b7d7bd920ad7f4037f6e5e28354
- SHA1
  
  954850a55b45734e081ba042a80091ef8a8a736b
- SHA256
  
  9f24c318ca0ba27a2bfb9294b126273817befcf53eff93bcef2024a554bb2775
- SHA512
  
  3973e61c65b1b5ae2460f69bd3e5c18167f6f9d96463f1cd60801f15a62a143ecdc5e572270af397e9070594d6552559259daf8d36f7fffeb49a13427280b013
- SSDEEP
  
  3072:r3ST4aYp5zZb2faAaVZUwq4LTTSiSNqIPuMi9bxJ2cmty+Wpx:baozZQ7aVOQTSFNXPji9bf
Score

10^/10

asyncrat stormkitty default rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncratstormkitty

behavioral1

asyncratstormkittydefaultratspywarestealer

behavioral2

asyncratstormkittydefaultratspywarestealer

behavioral3

asyncratstormkittydefaultratspywarestealer

behavioral4

asyncratstormkittydefaultratspywarestealer

© 2018-2024

Terms | Privacy