asyncrat

General

Target

Redline Stealer v30.2 @Team_R3DZ0N3.zip
Size

53.2MB
Sample

240714-jv6zesvdna
MD5

c4d5c87ec3168fdb4221930899cc4dc3
SHA1

7afb0638284911dd686ca6f0bb4a311191a4f05a
SHA256

81231fab326d0cd2296cc953551d07c82397af3933b18069b54d4943ac8b71bc
SHA512

cbcb2e9039f825d162ee2bf41352c990c3eb009653c199e6edb95ad19dd0de89c3011b9cf3614346afc3a9e77568d51b146c6dd2d03679c5e00d22792e0d5d88
SSDEEP

1572864:krcNHh5KGabT+lO1mEyvVAb6yR1vXbw5yp:zHzKx+gsfyR1vX4yp

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7290956576:AAEqdtE6cg2Gkoyn1hXNmqRl7-0FVD2J6bE/sendMessage?chat_id=6569055789

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Panel/Panel.exe
- Size
  
  1.7MB
- MD5
  
  29c3965e2f5893bd7905ca589cae3188
- SHA1
  
  1276122036cfd994e323621dfe9d3b3e588d149d
- SHA256
  
  c49b8186447154807bad77030cfbde76fd9a6053616537e4c31ed78fbcf2d7d6
- SHA512
  
  268d894ceabf6366d2197b4a2f9c83b05a7afe322508eab08bdd737fa13caf0daaea537075cc4709aade634847f24135cfd290a172bce9259dd8fee6b2d6afa3
- SSDEEP
  
  12288:jLxeIKOsGPgbym1AYdjXpXpXpXpXpXpXEX0XjlC07Ms4HRdt4umBNOu/XpXpXpXw:jLRKOJlYd5B7MsW2ijf96EB2VgmvvWR
Score

3^/10
behavioral1
- Target
  
  builder/RedlineBuilder.exe
- Size
  
  488KB
- MD5
  
  2281dc010aa4af33e4ccfbce434f1435
- SHA1
  
  fe15a3ffd6d2341662857ea573f0bde630c20742
- SHA256
  
  7e649134ad5f4a718ec7123ec3da26b54c0db2d611c97884d7f181b6a0144438
- SHA512
  
  26bb703e5b0ed50eb28675ad72cf46903f2fb904bd424604304187ce34a71529fb2b7fa9d010b0bd6215a8a9fae9af3680816631b13682799fd35249a4733e94
- SSDEEP
  
  12288:7IvU+wMi5kp6I7wxqZvo7aTuncDhgBoy48:7I8G177iaSqkR
Score

10^/10

asyncrat redline stormkitty default infostealer persistence privilege_escalation rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral2
- Target
  
  builder/builder.bat
- Size
  
  581B
- MD5
  
  5bffd9e309e1d362608a5188a0f0cdba
- SHA1
  
  d87cca8b89fc5cc4e77453a8aa03a058c8b5e85b
- SHA256
  
  6fa6de2709d0e38c8b651747cd37f73262118c005ae89e37b80cce0eaad1ff88
- SHA512
  
  8e9b6e0d479b7ea7a1cebd41deb59a13beccf36552388c41ddaf341021a0d62c972846a665cb30948e84981828ec5622570a46bcdb48a8cb6ae0a9991acd5989
Score

10^/10

asyncrat redline stormkitty default infostealer rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Executes dropped EXE
behavioral3