asyncrat | 19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3 | Triage

Submit
Reports

Overview

overview

Static

static

1

hy.ps1

windows7-x64

1

hy.ps1

windows10-2004-x64

Sharing

General

Target

hy.ps1
Size

9.0MB
Sample

240425-qex5xaba4z
MD5

c867dbeca2907417d58f0bfb4de699d6
SHA1

fa942ea34e59c938d9c307a9c5054118b21fa699
SHA256

19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3
SHA512

2658decfca16f085932c43ee6397cb449ab7ecf041d2c46630a5fdb3075c21eb9e5836ddb2e9018f4aac99f68ba9a1c3e19973da5c9ca58fc9bb2f7278b557e5
SSDEEP

24576:sEAjJLSsZ05S8PllqWR4Q4/YVwCxCpMt8JNim5irz5aRt5vQZUZMc7JS0Ccn3ban:W8RVkwoFZ0qQpynBV

Score

10^/10

asyncrat stealerium default collection rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

hy.ps1

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

hy.ps1

Resource

win10v2004-20240412-en

asyncrat stealerium default collection rat stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.92.252.234:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  hy.ps1
- Size
  
  9.0MB
- MD5
  
  c867dbeca2907417d58f0bfb4de699d6
- SHA1
  
  fa942ea34e59c938d9c307a9c5054118b21fa699
- SHA256
  
  19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3
- SHA512
  
  2658decfca16f085932c43ee6397cb449ab7ecf041d2c46630a5fdb3075c21eb9e5836ddb2e9018f4aac99f68ba9a1c3e19973da5c9ca58fc9bb2f7278b557e5
- SSDEEP
  
  24576:sEAjJLSsZ05S8PllqWR4Q4/YVwCxCpMt8JNim5irz5aRt5vQZUZMc7JS0Ccn3ban:W8RVkwoFZ0qQpynBV
Score

10^/10

asyncrat stealerium default collection rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
  rat
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

asyncratstealeriumdefaultcollectionratstealer

© 2018-2024

Terms | Privacy