asyncrat

General

Target

92f2a11dbb3411bb3d30846bd6eec0b6411d5e03bf579c7f9d81c0fc649f1471N
Size

798KB
Sample

241009-aebzns1fpr
MD5

e34eb26af335bd435c40f82b3f8b48d0
SHA1

e4b7b90c3cdb4e3db62544d0117454def485964c
SHA256

92f2a11dbb3411bb3d30846bd6eec0b6411d5e03bf579c7f9d81c0fc649f1471
SHA512

922bd73e1797ece2979849a17a3bb788dc8316cab6fdf9f354fc6059e517c8a62d0d93c365c16e9fc8fef456f212213f7861cd3ed13c08a51cbcf63c816f58fd
SSDEEP

12288:mLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QVc42F+DdfM:EfmMv6Ckr7Mny5QVF0EdE

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

LOGS

C2

72.11.142.133:4449

Mutex

orkxnmmqoswplswmucl

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  92f2a11dbb3411bb3d30846bd6eec0b6411d5e03bf579c7f9d81c0fc649f1471N
- Size
  
  798KB
- MD5
  
  e34eb26af335bd435c40f82b3f8b48d0
- SHA1
  
  e4b7b90c3cdb4e3db62544d0117454def485964c
- SHA256
  
  92f2a11dbb3411bb3d30846bd6eec0b6411d5e03bf579c7f9d81c0fc649f1471
- SHA512
  
  922bd73e1797ece2979849a17a3bb788dc8316cab6fdf9f354fc6059e517c8a62d0d93c365c16e9fc8fef456f212213f7861cd3ed13c08a51cbcf63c816f58fd
- SSDEEP
  
  12288:mLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QVc42F+DdfM:EfmMv6Ckr7Mny5QVF0EdE
Score

10^/10

asyncrat logs discovery rat stormkitty stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- VenomRAT
  Detects VenomRAT.
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

StormKitty

StormKitty payload

VenomRAT

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2