asyncrat | 10c0d4921910751c17d1ab6c74e48a3c9d5be28aa55b80762418765dcdcbe06c | Triage

Submit
Reports

Overview

overview

Static

static

IpCam Bruter.exe

windows7-x64

IpCam Bruter.exe

windows10-2004-x64

Sharing

General

Target

IpCam Bruter.exe
Size

143KB
Sample

240823-nbyads1aje
MD5

ff94c762dc8bda27e4e75c4285ab89fa
SHA1

897b8c1939ce10abf5b5b5cbc71883adb8715afe
SHA256

10c0d4921910751c17d1ab6c74e48a3c9d5be28aa55b80762418765dcdcbe06c
SHA512

6df88282d7898a9123459cab326881521e6ad4f39ddf8c5dbb95c0cb5635521673a1a4ada47f4f68fdb948f384912a718bb8f7cf712b5c25377493e0dba26707
SSDEEP

3072:d3YO5kKdXl0ZRBL/Tuny9bdcGZcKRWpgep82z:JYO4RBTTgy9bCdX

Score

10^/10

asyncrat stormkitty credential_access discovery persistence privilege_escalation rat spyware stealer

Static task

static1

rat asyncrat stormkitty

5 signatures

Behavioral task

behavioral1

Sample

IpCam Bruter.exe

Resource

win7-20240705-en

asyncrat stormkitty credential_access discovery persistence privilege_escalation rat spyware stealer

windows7-x64

15 signatures

1800 seconds

Behavioral task

behavioral2

Sample

IpCam Bruter.exe

Resource

win10v2004-20240802-en

asyncrat stormkitty credential_access discovery persistence privilege_escalation rat spyware stealer

windows10-2004-x64

15 signatures

1800 seconds

Malware Config

Targets

- Target
  
  IpCam Bruter.exe
- Size
  
  143KB
- MD5
  
  ff94c762dc8bda27e4e75c4285ab89fa
- SHA1
  
  897b8c1939ce10abf5b5b5cbc71883adb8715afe
- SHA256
  
  10c0d4921910751c17d1ab6c74e48a3c9d5be28aa55b80762418765dcdcbe06c
- SHA512
  
  6df88282d7898a9123459cab326881521e6ad4f39ddf8c5dbb95c0cb5635521673a1a4ada47f4f68fdb948f384912a718bb8f7cf712b5c25377493e0dba26707
- SSDEEP
  
  3072:d3YO5kKdXl0ZRBL/Tuny9bdcGZcKRWpgep82z:JYO4RBTTgy9bCdX
Score

10^/10

asyncrat stormkitty credential_access discovery persistence privilege_escalation rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratasyncratstormkitty

behavioral1

asyncratstormkittycredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

behavioral2

asyncratstormkittycredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

© 2018-2024

Terms | Privacy