asyncrat | eb43edc52b7358dd993e2e6343ae4f59492e4b95651ed7877e17da1f5d214ba6 | Triage

Submit
Reports

Overview

overview

Static

static

1

Samsung_Jo...df.lnk

windows7-x64

8

Samsung_Jo...df.lnk

windows10-2004-x64

Sharing

General

Target

eb43edc52b7358dd993e2e6343ae4f59492e4b95651ed7877e17da1f5d214ba6.ZIP
Size

47.7MB
Sample

241128-n7tl3swrgs
MD5

cf97364f1550c9a52e9f87f3ddf2c4ed
SHA1

5d22f99277f4b42605abee708fd265251926e27d
SHA256

eb43edc52b7358dd993e2e6343ae4f59492e4b95651ed7877e17da1f5d214ba6
SHA512

8489ab75ed667fd75b12df3b789141bd79e4a4be8a21a968789e912c09dc7df5648d32327d7cf75aa5bacfaa205e77f2801216e30f987a059399d83459f56e61
SSDEEP

96:TRTzsPp+6DAMgXHeG/gPksN9z3CrM3A2dHvmTU2birCWxXJsf+ONOBl3xug5WNUK:NsRD4XakQx3CrMQ4miDZO+OOfADX

Score

10^/10

asyncrat stormkitty venomrat defense_evasion discovery execution persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Samsung_Job_Application_Document.pdf.lnk

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Samsung_Job_Application_Document.pdf.lnk

Resource

win10v2004-20241007-en

asyncrat stormkitty venomrat defense_evasion discovery execution persistence rat stealer

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  Samsung_Job_Application_Document.pdf.lnk
- Size
  
  47.7MB
- MD5
  
  c2dbb808a94f755506367a63757d3007
- SHA1
  
  9dc8794486160c1b282f50b1e2aa234c77c17c84
- SHA256
  
  b55282e00322a4e28d888c1c252218251366f45639ba5212829e4b3d25dbc50e
- SHA512
  
  c59e52c3b7b74ab5b88d7a8b17a8c8aaaf3aaf9af07dd838d6b785442fef4811e1c01f4aa136e0eef631bce636b9fa652a12a968aa3114d03d911557658370e9
- SSDEEP
  
  24:8DiJ6Kx96xxuJB5J+/ZehoCiyng48HGbuOk6OYuOdZqddqVRVXuHYSJmrS:8DhKzhJPQ+oAg6SOHOxOdkd0tXuHdJ2
Score

10^/10

execution asyncrat stormkitty venomrat defense_evasion discovery persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstormkittyvenomratdefense_evasiondiscoveryexecutionpersistenceratstealer

© 2018-2025

Terms | Privacy