asyncrat | 110fd83bdeee1785c51b4ae919ea9aabffe74dfd9014a42577bb5ede476ea58a | Triage

Submit
Reports

Overview

overview

Static

static

Toolz (astro).zip

windows11-21h2-x64

Resubmissions

01-10-2024 16:24

241001-twvynayfpr 10

27-09-2024 00:57

240927-bawzqaxamj 10

26-09-2024 23:29

240926-3gqj3awfpc 10

26-09-2024 18:54

240926-xkc59avhjh 10

26-09-2024 18:38

240926-w945lavbqe 10

26-09-2024 16:26

240926-txsvpazdng 10

Sharing

General

Target

Toolz (astro).zip
Size

161.1MB
Sample

240926-xkc59avhjh
MD5

103e93f9408f4195f294dc1aea765604
SHA1

6e25051cb67851af85c1df5d1b91a90321e0957e
SHA256

110fd83bdeee1785c51b4ae919ea9aabffe74dfd9014a42577bb5ede476ea58a
SHA512

99dc616c28b3389bf4c5b49eaa5cb2f91eaeb0c9a22147a5da5bbe9e1dc061410f90ebc8e0064a4a070faba40448b551278cc578fa8dea638f9e45a27cbcdf56
SSDEEP

3145728:sZparHZgZR/+0kZSi9vkbRNjX8GXKXaU5OgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrl:6oGZp+0kut2OgTIJ7y+rL5oxaNb

Score

10^/10

asyncrat stealerium stormkitty default discovery rat stealer

Static task

static1

stormkitty stealerium

6 signatures

Behavioral task

behavioral1

Sample

Toolz (astro).zip

Resource

win11-20240802-en

asyncrat stealerium stormkitty default discovery rat stealer

windows11-21h2-x64

26 signatures

1800 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Toolz (astro).zip
- Size
  
  161.1MB
- MD5
  
  103e93f9408f4195f294dc1aea765604
- SHA1
  
  6e25051cb67851af85c1df5d1b91a90321e0957e
- SHA256
  
  110fd83bdeee1785c51b4ae919ea9aabffe74dfd9014a42577bb5ede476ea58a
- SHA512
  
  99dc616c28b3389bf4c5b49eaa5cb2f91eaeb0c9a22147a5da5bbe9e1dc061410f90ebc8e0064a4a070faba40448b551278cc578fa8dea638f9e45a27cbcdf56
- SSDEEP
  
  3145728:sZparHZgZR/+0kZSi9vkbRNjX8GXKXaU5OgTbt+J7y+rL58Nj6m+ctQ+xhZJZSrl:6oGZp+0kut2OgTIJ7y+rL5oxaNb
Score

10^/10

asyncrat stealerium stormkitty default discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Stealerium
  An open source info stealer written in C# first seen in May 2022.
  stealer stealerium
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittystealerium

behavioral1

asyncratstealeriumstormkittydefaultdiscoveryratstealer

© 2018-2024

Terms | Privacy