asyncrat | 3b738aca822d7d42a1e7700ee8a8e3c3c86bcc0b5ba6f5ef8d3583003c17c81c | Triage

Submit
Reports

Overview

overview

Static

static

1

pdf.exe

windows7-x64

pdf.exe

windows10-2004-x64

Sharing

General

Target

pdf.exe
Size

2.7MB
Sample

241029-1swt4szhnd
MD5

cf84711e3c2b8a0d6df8ac0550185893
SHA1

16238c6487a5c00398458658a123be9a8bf63532
SHA256

3b738aca822d7d42a1e7700ee8a8e3c3c86bcc0b5ba6f5ef8d3583003c17c81c
SHA512

ead98b871890458131bb096124fd92f38e94795e19ecf5a70597b74ab8617b87ec81368113660c6588d60f98f74372728134c4cd81cc938e1afa76e4fb2cef96
SSDEEP

49152:/ZEkRPDWaRdGSQ5K//XMCs9pvilPahSzWXXyvd0jX3N6XbOE+HfW:/ZHHcvsnMleaszWng0b3NWa/W

Score

10^/10

asyncrat stormkitty venomrat discovery rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

pdf.exe

Resource

win7-20240903-en

asyncrat stormkitty venomrat discovery rat stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

pdf.exe

Resource

win10v2004-20241007-en

asyncrat stormkitty venomrat discovery rat stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  pdf.exe
- Size
  
  2.7MB
- MD5
  
  cf84711e3c2b8a0d6df8ac0550185893
- SHA1
  
  16238c6487a5c00398458658a123be9a8bf63532
- SHA256
  
  3b738aca822d7d42a1e7700ee8a8e3c3c86bcc0b5ba6f5ef8d3583003c17c81c
- SHA512
  
  ead98b871890458131bb096124fd92f38e94795e19ecf5a70597b74ab8617b87ec81368113660c6588d60f98f74372728134c4cd81cc938e1afa76e4fb2cef96
- SSDEEP
  
  49152:/ZEkRPDWaRdGSQ5K//XMCs9pvilPahSzWXXyvd0jX3N6XbOE+HfW:/ZHHcvsnMleaszWng0b3NWa/W
Score

10^/10

asyncrat stormkitty venomrat discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittyvenomratdiscoveryratstealer

behavioral2

asyncratstormkittyvenomratdiscoveryratstealer

© 2018-2024

Terms | Privacy