asyncrat | 106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6 | Triage

Resubmissions

20-11-2024 09:57

241120-ly8njawbjq 10

20-11-2024 09:40

241120-lnebyazkel 7

Sharing

General

Target

Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀.exe
Size

61.1MB
Sample

241120-ly8njawbjq
MD5

a83705763f911f07c48df4910f0978a6
SHA1

1ee5bb301336c1687f6ebb0ef30d636f9e493c3d
SHA256

106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6
SHA512

6fb9c048428c61525f3de99e592d4bab4c591c6c65e709c6619ba80cf7c3cc337990f97030e70a7cda8d8a14d5ccea49038cbf28dd869d85367274fa16f921a8
SSDEEP

393216:j76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfEnVQx4urYsANulL7Nd:j0LoCOn+2Es4urYDNulLBiu

Score

10^/10

asyncrat stormkitty discovery persistence rat stealer

Malware Config

Targets

- Target
  
  Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀.exe
- Size
  
  61.1MB
- MD5
  
  a83705763f911f07c48df4910f0978a6
- SHA1
  
  1ee5bb301336c1687f6ebb0ef30d636f9e493c3d
- SHA256
  
  106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6
- SHA512
  
  6fb9c048428c61525f3de99e592d4bab4c591c6c65e709c6619ba80cf7c3cc337990f97030e70a7cda8d8a14d5ccea49038cbf28dd869d85367274fa16f921a8
- SSDEEP
  
  393216:j76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfEnVQx4urYsANulL7Nd:j0LoCOn+2Es4urYDNulLBiu
Score

10^/10

asyncrat stormkitty discovery persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstormkittydiscoverypersistenceratstealer