asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

Installer_x64_Final_Release.rar
Size

145.6MB
Sample

241104-q6ms9azmd1
MD5

a337610f79fcd11df9fc4dcfe0919fea
SHA1

b75c61dfb936adf769d31f5c4de309b25facabef
SHA256

7fa3c53115c61a095da7ce93276e828198fba45f93c30bf245a0ffd9266a77bf
SHA512

8e9ec18d7f31ef7398badcecb870e2f9e66a58afa7eba442cbb0a95d2dfb59b452b55fec5fcb5f02332c557bfadbf99c935d7be1cca9ad68aed1a00feb8ffc30
SSDEEP

1572864:5IM8N+iHhk1faoXHOp+l82JfpwFzrlxU6fbXLc:WQQhkFXuoS2JiVsYL

Score

10^/10

Malware Config

Targets

- Target
  
  Installer_x64_Final_Release.exe
- Size
  
  349KB
- MD5
  
  c7e6efa0d590d5549cbcc04c002e7d52
- SHA1
  
  928ae92ad78feb1a6619002a426fd29259ebbb10
- SHA256
  
  4fedd10d64e0b83fe1c8a6cc64116143340606ac1b4222fb3c2cd1ec69aa75f3
- SHA512
  
  ad2e2101370ba3878ebf35f598119e16325a8929685e59ddf9b920fb9ac77e7dfc1abbe323673a9d494f6eb3ed37867e615af4305ceee151d4a932cbe971b16b
- SSDEEP
  
  3072:sn/GaFJJZ+Qima9IjVe9+L+xZ2N4OCSPQwZkXkAy5vHSQhQWXUjzBW2HwbvWUFIY:IBmm+aVecLuK0uPZQkkQq9Wew7a6n
Score

10^/10

execution persistence asyncrat stormkitty discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  app-11.17.0/Installer_x64_Final_Release.exe
- Size
  
  95.5MB
- MD5
  
  f2f9c5b1eb68455185007b88f103d600
- SHA1
  
  84ab052e850735cda8f89c699863217e4f21fbbf
- SHA256
  
  8d98a2d11c274829ecf4d8ec77762aafd94cae3d731de25e09d7e7eeb9f74088
- SHA512
  
  6079f76fa212be5dbc301aa59c049a29a5c5671a94b48b416f64297777276dd2646676b47923dbfe5df5b61c54627c8221ea4fdd5b1d3a5c58e778bc85aa8bf2
- SSDEEP
  
  1536:brae78zjORCDGwfdCSog01313QAjs5g+lmiujO3TlP76kn:RahKyd2n31n45vkSTlPJn
Score

10^/10

asyncrat stormkitty discovery execution persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  app-11.17.0/Squirrel-UpdateSelf.log
- Size
  
  265B
- MD5
  
  37b954913db107805d64295f28aade24
- SHA1
  
  4429d0493ffca8a9a74de479b23018f68a09417a
- SHA256
  
  e25d34332b6a6430c38cb29e9103d4b20c6c472f354480fe125553d57a3948a2
- SHA512
  
  0b48f70da6a7d6448d77b9c91c75e2a46467c73c2b9d57a24203f6ff70521a7b097757f92a0c033c9c26faa81a7b59705543f37c39fac646e87e942a7e7d068d
Score

1^/10
behavioral4 behavioral5
- Target
  
  app-11.17.0/chrome_100_percent.pak
- Size
  
  163KB
- MD5
  
  4fc6564b727baa5fecf6bf3f6116cc64
- SHA1
  
  6ced7b16dc1abe862820dfe25f4fe7ead1d3f518
- SHA256
  
  b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb
- SHA512
  
  fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2
- SSDEEP
  
  3072:IOzwJCGIekwdLpsXYFAXg6IL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:IOzw1Iekam5QpK18Gb0OV8ld0GecQ3Ey
Score

3^/10

discovery
behavioral6 behavioral7
- Target
  
  app-11.17.0/chrome_200_percent.pak
- Size
  
  222KB
- MD5
  
  47668ac5038e68a565e0a9243df3c9e5
- SHA1
  
  38408f73501162d96757a72c63e41e78541c8e8e
- SHA256
  
  fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32
- SHA512
  
  5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89
- SSDEEP
  
  6144:QsDQYaSN6svydHLhQegx5GMRejnbdZnVE6YoppO4:QBfSN6svydrx6edhVELoXO4
Score

3^/10

discovery
behavioral8 behavioral9
- Target
  
  app-11.17.0/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  910aa228a5f27661e394043ea96aac21
- SHA1
  
  fe8d8f9498c7d22f12efd1501d5cfdca270bec16
- SHA256
  
  c3cefd0670787a99f4e6c68d0c7e7d1cab838c492571d6dd1a32354b280f5b75
- SHA512
  
  bf548e1e4782d80197749d7457b1818452feb46fc06757281759f88fecbdee5be0d4e713e1f52c61ee9109e3894b592511071ad8f136fe9ef50c980fee4582f5
- SSDEEP
  
  49152:WCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNU:1G2QCwmHXnog/pzHAo/A2l
Score

1^/10
behavioral10
- Target
  
  app-11.17.0/ffmpeg.dll
- Size
  
  2.8MB
- MD5
  
  b2d1dade61e677d99f682301d4c53c38
- SHA1
  
  1d3f5e4c36da2edd2058670fd9c68ebd40060341
- SHA256
  
  1932a00cb469a77935149167a78e6461741a35c4bdc854e4e4c2e8e24336f6e6
- SHA512
  
  d4b17c9845add5bea0da1f4cac69ad815668582f32e42aecd3da8ecdb59c260cce28515beca082ef136ce008733904690206928b0882ff398a42173cd3229de4
- SSDEEP
  
  49152:ZV/pnP4IlxHhlZsHeGJ4r6WV7KcQ3CT2JgDUWjhJdf1:7/pnw+GSr6WV2v3+DUchvf1
Score

1^/10
behavioral11 behavioral12
- Target
  
  app-11.17.0/icudtl.dat
- Size
  
  10.2MB
- MD5
  
  e0f1ad85c0933ecce2e003a2c59ae726
- SHA1
  
  a8539fc5a233558edfa264a34f7af6187c3f0d4f
- SHA256
  
  f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
- SHA512
  
  714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28
- SSDEEP
  
  196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  app-11.17.0/libEGL.dll
- Size
  
  455KB
- MD5
  
  53d509587c02342f6059b7a01441f464
- SHA1
  
  cb5b20bbd655403c811abe6effe1158c6e495f34
- SHA256
  
  83354a143d8facf684c86a92b5c3acd009bd4ee7f6e2719aa6ad6859e5b3783a
- SHA512
  
  fae6248d74fca5c85107c4678cb6e4150c4b0a64fe3b2520686d8a17d57bb21c9e4e456e7bbdd8e47b4123e440a3f94235611ef1de762519092b92ae7af82935
- SSDEEP
  
  6144:vjBq+Qu+QeSCQneMI43ZAtdRiS/B7feAzK8iw8sodP9VmUKIs:LBjeSCQneMIIqdRiSJ5ww8sodP+5
Score

1^/10
behavioral15 behavioral16
- Target
  
  app-11.17.0/libGLESv2.dll
- Size
  
  7.5MB
- MD5
  
  69247a913e1415d30e9bab29e8af3b07
- SHA1
  
  93c18079a14103577cb60988cf9685b3ffdee824
- SHA256
  
  1a818a7399a797d0b1d59df87176840916fbcaf74303f0eefb4f58436a10c8f0
- SHA512
  
  6e89fa9a2ee6781e948007193c32b6f76aa7911a546ab28b3e4aca5a5ecf9d8f34b20c3e0c76b29c05c890ba506448db25544eeede25e9a001c931d1cd0917ce
- SSDEEP
  
  98304:4fokq3nHFGE9l83JKJ5pPIg3jMgekXm3eSIwLK:ZYAK5KLpj3/egCeSIOK
Score

1^/10
behavioral17 behavioral18
- Target
  
  app-11.17.0/locales/en-GB.pak
- Size
  
  424KB
- MD5
  
  a1aa885be976f3c27a413389ea88f05f
- SHA1
  
  4c7940540d81bee00e68883f0e141c1473020297
- SHA256
  
  4e4d71f24f5eea6892b961fcda014fc74914c1340366f9c62f0535e9b94ae846
- SHA512
  
  8b6d67e09fbe7a2152a71532a82c1e301d56cdde34b83a9f17d9f471e258b255d5b2d4a0c39f38581da3a31cec24fb403156a8e493560d7206e1ec3db7e68b72
- SSDEEP
  
  6144:heMA5+ocjYbYMP9ejI/AfaYzyJyC5+S6Bc0RIIf:kMhoxYMEI/+I5+Smf
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  app-11.17.0/locales/en-US.pak
- Size
  
  428KB
- MD5
  
  809b600d2ee9e32b0b9b586a74683e39
- SHA1
  
  99d670c66d1f4d17a636f6d4edc54ad82f551e53
- SHA256
  
  0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb
- SHA512
  
  9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431
- SSDEEP
  
  6144:5GdVxPtFXqVtOMP9eXe9HfaYvaVP51SLngF/cjjwB:yVpwOMge9B251SXjwB
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  app-11.17.0/locales/uk.pak
- Size
  
  870KB
- MD5
  
  83e5f0092b6d72403b60fe0e1e228331
- SHA1
  
  989ed480b7ef55dfc9ccfbef1a5b9b0e104693d8
- SHA256
  
  29d68d90512ee9952635c7e074d5ab210531d93ae24c11a8f91bca20b685e9a2
- SHA512
  
  9895928ee516db7d4395b2788135a814031b9ba45e3a837e633bc253b08d6f380e4078d4d3fd51ae37502a39ff45a0166969fb62365e890f4960a51040b20941
- SSDEEP
  
  12288:OnyGlcHZ1U6nnzKT0hsEiwIt35GB3IjZAmXEN7OucLNiXEqqb6Red:OyGlNMi5rEo
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  app-11.17.0/locales/vi.pak
- Size
  
  602KB
- MD5
  
  e088be14dded779f50feabc4906d5ae7
- SHA1
  
  0eeca2c7ea82a03b6373c84adf1a890f29e18b05
- SHA256
  
  25aeee59775ae38b21a091107022312fc228f96dbea906042bf3626b7cf86b98
- SHA512
  
  af9d1e415a6d06c28df9abaae1f337bf4dd3e323dfd5560df5fb35d01c6801b9145072ee85ab4c524c489fb6cdea956ce327b8c4f6820197d76fc2f33171ca3d
- SSDEEP
  
  12288:tvN+cBwJGroEw/au9nPgsHvL04vCFsN91xe5c8hp6IDkivwziMHq3wtk5:tF+cBwJGiawPgsHT04QP5c8r6hivKiMY
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  app-11.17.0/locales/zh-CN.pak
- Size
  
  435KB
- MD5
  
  d1145f2dcb13c5ba797df5a0792553c8
- SHA1
  
  e8d9604300d6413fc896d252a0261be2dfdebfbd
- SHA256
  
  6a9a1f5b7674da36f20cb76af7e3e75e9e56873539e8a3b32895ebba439af83a
- SHA512
  
  f54adffc7d40866fd53dbb238687116d46354f79580877b5d4d93840494e604deaeaeb7e825f6a00d020f3c58d1fb9df8af667feb64c86f243ecab57765623e9
- SSDEEP
  
  6144:UBs0tawPNPvzgIa+X7956i0dhpDt5p6LNuhe39w14lW:UTtjP5vz1ao56i0dHt5MLNuhe39m
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  app-11.17.0/locales/zh-TW.pak
- Size
  
  430KB
- MD5
  
  1eb532e97b84db33a50055bbd7d36200
- SHA1
  
  7aaf0560a16a9754059871a000d237964f3ab0c8
- SHA256
  
  6a43c8fac5a0ce7c7a21b30ac7bc2167488e17c81c76c00f0b92b49e9e46e469
- SHA512
  
  c946d82bd6ced6e61b35acaf7ace1a61f226c4891caaeeeec9ce4a3ab45e6f43c35dbb388d6d5fa925ed020d7d10f951fa2048269d0585ad3b723f5ad8f4eabc
- SSDEEP
  
  6144:kXS7RfHbcTzD+J1ke82TuVnQh2Y5fHIzwHobAy+77zeJTs:kGR4TzVdnQh2Y5fHIzpZS7z
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  app-11.17.0/resources.pak
- Size
  
  5.1MB
- MD5
  
  57fd79bd2c10adacc288fb6aec1576a9
- SHA1
  
  7fad7349dc93adb1580447914db2c15abc5c162c
- SHA256
  
  862431f3cbef4af67677e6a86f5a8202ba3703400323bc192fd0b11b9e7a40e8
- SHA512
  
  ad07cfd072f7c8a04a9971b863a0d15d9b8c40735391f44c7d64caf847c7ca9a5c24e0d6380dad8da4d02b017ebcffdcede05675a549268dc715e855b9d15f6d
- SSDEEP
  
  98304:It1j25dN0JgWPVcz+cd31rJ7JBXbwHgf31/LrwrWBpcdmTHWCF3UlfPcauPFcHNp:Itp8v0JPdB831FJ5wHwlzkrWBQmTHWoM
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Asyncrat family

StormKitty

StormKitty payload

Stormkitty family

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Adds Run key to start application

Suspicious use of SetThreadContext

AsyncRat

Asyncrat family

StormKitty

StormKitty payload

Stormkitty family

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32