asyncrat | f66d125ed2d2267ac2de3b7290b0abfa9a1b4265d04ed872a4d96888888d5296 | Triage

Submit
Reports

Overview

overview

Static

static

ess.exe

windows11-21h2-x64

Sharing

General

Target

ess.pif
Size

38KB
Sample

240417-x45dvabg32
MD5

a657e08819360c2d09a02900c1340cc1
SHA1

009c944d9182e96a4d1a67f09dbe2edd0864b068
SHA256

f66d125ed2d2267ac2de3b7290b0abfa9a1b4265d04ed872a4d96888888d5296
SHA512

0ef5ddc58e4d30d4df2200b18ac66671fb223924011854242e0702b89b75c9d1fa54ef88d9a133309f0c20e021ebe1d39a6626172f6e37c73b356f349d4405d9
SSDEEP

768:P5fQwpevonRaGqwhXARyrjJj9HNy6B6SE7NL:P5pa1whXA4x9tJop7NL

Score

10^/10

asyncrat stormkitty evasion persistence rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ess.exe

Resource

win11-20240412-en

asyncrat stormkitty evasion persistence rat spyware stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  ess.pif
- Size
  
  38KB
- MD5
  
  a657e08819360c2d09a02900c1340cc1
- SHA1
  
  009c944d9182e96a4d1a67f09dbe2edd0864b068
- SHA256
  
  f66d125ed2d2267ac2de3b7290b0abfa9a1b4265d04ed872a4d96888888d5296
- SHA512
  
  0ef5ddc58e4d30d4df2200b18ac66671fb223924011854242e0702b89b75c9d1fa54ef88d9a133309f0c20e021ebe1d39a6626172f6e37c73b356f349d4405d9
- SSDEEP
  
  768:P5fQwpevonRaGqwhXARyrjJj9HNy6B6SE7NL:P5pa1whXA4x9tJop7NL
Score

10^/10

asyncrat stormkitty evasion persistence rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies visibility of file extensions in Explorer
  evasion
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratstormkittyevasionpersistenceratspywarestealer

© 2018-2024

Terms | Privacy