asyncrat | 8a1d5ca68426a265761fd1f2b421407d404527c9c9d07a9b37c0f8891e91acd7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

113a817200...AS.exe

windows7-x64

113a817200...AS.exe

windows10-2004-x64

Sharing

General

Target

113a8172009135084f3683e7ece90bf0_NEAS
Size

5.0MB
Sample

240507-km97jsha3s
MD5

113a8172009135084f3683e7ece90bf0
SHA1

49c5a4ed9724e189131168e4b36b5bfef04bf4b8
SHA256

8a1d5ca68426a265761fd1f2b421407d404527c9c9d07a9b37c0f8891e91acd7
SHA512

a63d0e382fdc57ac29af218d563dcd9f2488a23d50f4e9b9c379eb2c50a17fe193e306f4889e4601ac4b75a41142f373db96256f1bd3723cdb23c06735b134c1
SSDEEP

24576:AMwwZr0yM7zQP/xmauyndygJfPDR/ZMQfBD:AMweG7UPIsdyER

Score

10^/10

asyncrat stormkitty default rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

113a8172009135084f3683e7ece90bf0_NEAS.exe

Resource

win7-20240221-en

asyncrat default rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

113a8172009135084f3683e7ece90bf0_NEAS.exe

Resource

win10v2004-20240419-en

asyncrat stormkitty default rat stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

crszhkumevmt

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/36QiVce2

aes.plain

Targets

- Target
  
  113a8172009135084f3683e7ece90bf0_NEAS
- Size
  
  5.0MB
- MD5
  
  113a8172009135084f3683e7ece90bf0
- SHA1
  
  49c5a4ed9724e189131168e4b36b5bfef04bf4b8
- SHA256
  
  8a1d5ca68426a265761fd1f2b421407d404527c9c9d07a9b37c0f8891e91acd7
- SHA512
  
  a63d0e382fdc57ac29af218d563dcd9f2488a23d50f4e9b9c379eb2c50a17fe193e306f4889e4601ac4b75a41142f373db96256f1bd3723cdb23c06735b134c1
- SSDEEP
  
  24576:AMwwZr0yM7zQP/xmauyndygJfPDR/ZMQfBD:AMweG7UPIsdyER
Score

10^/10

asyncrat default rat stormkitty stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratstormkittydefaultratstealer

© 2018-2025

Terms | Privacy