asyncrat | b250a8cb9042a96d90850ef165b43cd50624878916ab0dd259a577032912e055 | Triage

Submit
Reports

Overview

overview

Static

static

1

Cryos Woofer.exe

windows7-x64

Cryos Woofer.exe

windows10-2004-x64

Sharing

General

Target

Cryos Woofer.exe
Size

3.2MB
Sample

241207-2pp3tsxrct
MD5

2129b89ba0537555b185f6fb819c0693
SHA1

008c94d1dc3bcf3ae3ce4c735fad94f810b844b8
SHA256

b250a8cb9042a96d90850ef165b43cd50624878916ab0dd259a577032912e055
SHA512

005b4155242b4711b07e34f1435a6e7268d5d3217a44f99df6137280647d2673a078ea0d8e1f8ba192a2209777cf2ad0dc960373cceda11be0b4ecf36fc2048b
SSDEEP

98304:t2BvT8knglXKHw6ub2NQOtmnuu4Yv21O5PEsOPR:t2ZYPGPzQ0muu4Yv/PROPR

Score

10^/10

asyncrat stormkitty discovery rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Cryos Woofer.exe

Resource

win7-20240729-en

asyncrat stormkitty discovery rat stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

Cryos Woofer.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Cryos Woofer.exe
- Size
  
  3.2MB
- MD5
  
  2129b89ba0537555b185f6fb819c0693
- SHA1
  
  008c94d1dc3bcf3ae3ce4c735fad94f810b844b8
- SHA256
  
  b250a8cb9042a96d90850ef165b43cd50624878916ab0dd259a577032912e055
- SHA512
  
  005b4155242b4711b07e34f1435a6e7268d5d3217a44f99df6137280647d2673a078ea0d8e1f8ba192a2209777cf2ad0dc960373cceda11be0b4ecf36fc2048b
- SSDEEP
  
  98304:t2BvT8knglXKHw6ub2NQOtmnuu4Yv21O5PEsOPR:t2ZYPGPzQ0muu4Yv/PROPR
Score

10^/10

asyncrat stormkitty discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittydiscoveryratstealer

behavioral2

© 2018-2024

Terms | Privacy