asyncrat

General

Target

License Activator Brute Cams.exe
Size

2.1MB
Sample

240823-q6pmvazfrn
MD5

58acdc2f6ce279ffae7f09e73159f2fa
SHA1

2f4f864e499cadefef4cef6dcb999d2a74184e08
SHA256

d86c55ca0d9ab94d9e4e67a7781e933e940d41dd9c8e793272a4eb86548fb012
SHA512

6cb9144a84a72bff80bf7ea8a35487807ab55f99ae25ec3e684b5626cf8af209b341495cd091cfbbe1976d92621938ed2558c9213bdcb5282140ff66b2c6d03a
SSDEEP

49152:jhj9o/Ac0XrZdl2xeC2cZZcbythCBERaO2vun0jihwPH:jToxijC9ZZiy7zUO2vk0jiSPH

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7181778686:AAEMnbtaOsmS5ffJlFMYeA9BDuB8mvZ6F8U/sendMessage?chat_id=6528052400

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  License Activator Brute Cams.exe
- Size
  
  2.1MB
- MD5
  
  58acdc2f6ce279ffae7f09e73159f2fa
- SHA1
  
  2f4f864e499cadefef4cef6dcb999d2a74184e08
- SHA256
  
  d86c55ca0d9ab94d9e4e67a7781e933e940d41dd9c8e793272a4eb86548fb012
- SHA512
  
  6cb9144a84a72bff80bf7ea8a35487807ab55f99ae25ec3e684b5626cf8af209b341495cd091cfbbe1976d92621938ed2558c9213bdcb5282140ff66b2c6d03a
- SSDEEP
  
  49152:jhj9o/Ac0XrZdl2xeC2cZZcbythCBERaO2vun0jihwPH:jToxijC9ZZiy7zUO2vk0jiSPH
Score

10^/10

asyncrat stormkitty default credential_access discovery persistence privilege_escalation rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Async RAT payload
  rat
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2