asyncrat | 7b1fccf6bbf119b4dbe12e661f7b705b79f4f09af855c2326224b2ff5998b2b8 | Triage

Submit
Reports

Overview

overview

Static

static

3

Sleflistuiq.exe

windows7-x64

1

Sleflistuiq.exe

windows10-2004-x64

Sharing

General

Target

ex-M9rvxGbTb4S5mH3twW3n08Jr4VcIyYiSy-1mYsrg.bin
Size

90KB
Sample

240716-qhtlwsxbnd
MD5

0d46b43a41ac77fb5ebd6a76ac583ce7
SHA1

f61c35661fa88bf24ae6cac5f2feb7d1ba825792
SHA256

7b1fccf6bbf119b4dbe12e661f7b705b79f4f09af855c2326224b2ff5998b2b8
SHA512

7eeb14a33c978109fa047e3b132ed2a72c2703971f4e288b64e6124b41c616fafe3ec989b8dd18cdd4db35f0876f33e1b83b87e16e598692e056cf750f5de4a4
SSDEEP

1536:aw8VbNRypIl0r/gI9DnkOAJf160SNbSaFBv+me/Sjjn2QMyhf3R9LOUmtY9pfgIz:4DypIKRkOAJd4jBmmeaf2QMyhO9aciEm

Score

10^/10

asyncrat stormkitty default persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Sleflistuiq.exe

Resource

win7-20240705-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Sleflistuiq.exe

Resource

win10v2004-20240709-en

asyncrat stormkitty default persistence rat stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

5.206.224.223:36920

Mutex

xkjkorrcim

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Sleflistuiq.exe
- Size
  
  218KB
- MD5
  
  41dd4767d8c5f340b52cbc7258d45c08
- SHA1
  
  7b53ec2d4c693a24745af9710ff5ad1ddb60e8c6
- SHA256
  
  2720acefe611680845b583b7e060d6efeb172945ad7acba49f46ea22693a1f5e
- SHA512
  
  64c3de49e3176d1cf3469043160a7e90421aaa60897b47759478a7932ab5a575465e6c88b6349f1bc06d6a8f28c7582e284fd3ae3dede48274d90338fe8c0caf
- SSDEEP
  
  3072:XedQRhjdznZv+MjmRl9ZL4SD1L8G8YHTS3cerNaV7JUs8VhrMdUT5reUd6:uWRhL+Mjyv54CcYzSSYWUT5reU
Score

10^/10

asyncrat stormkitty default persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstormkittydefaultpersistenceratstealer

© 2018-2025

Terms | Privacy