asyncrat | fbbb5ea69c9b064e3a7017f784a37f54937826fe958b03d65458b4c7e492365c | Triage

Sharing

General

Target

fbbb5ea69c9b064e3a7017f784a37f54937826fe958b03d65458b4c7e492365c
Size

95.5MB
Sample

241117-stzy6asgme
MD5

ce6f5ba448e5b85d0410c70eb68b8b7b
SHA1

d82919e11eeaa23997e5047d2041c5acb8c3bab5
SHA256

fbbb5ea69c9b064e3a7017f784a37f54937826fe958b03d65458b4c7e492365c
SHA512

1f9a82b77ae9e18d82b4c0751e114b27f1b009968644353ed2bfeb5315b8f8fcd4dee4c74b00d35bc1f76cd0bd0078014697797dfe4fd082dd54460aa7260dee
SSDEEP

1536:srae78zjORCDGwfdCSog01313zAYs5gczGNuKTFP76k:0ahKyd2n31UR5MTFPJ

Score

10^/10

asyncrat stormkitty venomrat discovery execution persistence rat stealer

Malware Config

Targets

- Target
  
  fbbb5ea69c9b064e3a7017f784a37f54937826fe958b03d65458b4c7e492365c
- Size
  
  95.5MB
- MD5
  
  ce6f5ba448e5b85d0410c70eb68b8b7b
- SHA1
  
  d82919e11eeaa23997e5047d2041c5acb8c3bab5
- SHA256
  
  fbbb5ea69c9b064e3a7017f784a37f54937826fe958b03d65458b4c7e492365c
- SHA512
  
  1f9a82b77ae9e18d82b4c0751e114b27f1b009968644353ed2bfeb5315b8f8fcd4dee4c74b00d35bc1f76cd0bd0078014697797dfe4fd082dd54460aa7260dee
- SSDEEP
  
  1536:srae78zjORCDGwfdCSog01313zAYs5gczGNuKTFP76k:0ahKyd2n31UR5MTFPJ
Score

10^/10

asyncrat stormkitty venomrat discovery execution persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittyvenomratdiscoveryexecutionpersistenceratstealer