asyncrat | 40ba4a68575cda8b4da56ef2efae3f3c217bf7b78d68c29086e86d324d3ebffa | Triage

Submit
Reports

Overview

overview

Static

static

3

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

605KB
Sample

240415-c75hssfc4s
MD5

78f7efed48c531657b84cd66911c7eef
SHA1

eedcf0f081c78adfcefe3e9208bc83b252f1b4aa
SHA256

40ba4a68575cda8b4da56ef2efae3f3c217bf7b78d68c29086e86d324d3ebffa
SHA512

519a27a1d28e855d2b8c128f8723200ff7f790069f8087a2c6470e8437b12192a444a79ff4024cf278215db718391e770b783dc167ea321efbfc76e2411c26df
SSDEEP

12288:JvqsfIozrJqppjn1rmq12WaD+1Fri1xbcR:h9vrMjn1r5aCjg9cR

Score

10^/10

asyncrat quasar stormkitty default rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20240221-en

asyncrat quasar stormkitty default rat spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20240412-en

asyncrat quasar stormkitty default rat spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  tmp
- Size
  
  605KB
- MD5
  
  78f7efed48c531657b84cd66911c7eef
- SHA1
  
  eedcf0f081c78adfcefe3e9208bc83b252f1b4aa
- SHA256
  
  40ba4a68575cda8b4da56ef2efae3f3c217bf7b78d68c29086e86d324d3ebffa
- SHA512
  
  519a27a1d28e855d2b8c128f8723200ff7f790069f8087a2c6470e8437b12192a444a79ff4024cf278215db718391e770b783dc167ea321efbfc76e2411c26df
- SSDEEP
  
  12288:JvqsfIozrJqppjn1rmq12WaD+1Fri1xbcR:h9vrMjn1r5aCjg9cR
Score

10^/10

asyncrat quasar stormkitty default rat spyware stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratquasarstormkittydefaultratspywarestealertrojan

behavioral2

asyncratquasarstormkittydefaultratspywarestealertrojan

© 2018-2024

Terms | Privacy