asyncrat

General

Target

Creative_Brift_Marketing.zip
Size

14.5MB
Sample

241213-je3l3atqgm
MD5

f26d9facbe0f111bef4d91120eaa8895
SHA1

6ef0757ed591ce257f97209fba5e5a8daac2c9d4
SHA256

09bba91a3346b026387e05f996f39b76e6c0e36596626640d436ee21c08acfe5
SHA512

d0a2a5352198061ace016a8b256bbd55810d5c45f28de3bf69c251b7a47dd8bc79cdabfa9e55202e57bd907a22ec670e36b38e09117d217b979ff1e5f285a0c4
SSDEEP

393216:iuihKQgl33Fb3p/cIDoisNrHhxEYsaN/HnbNf1WpcLAcGRrou:iTwQgl3l3pPJ4rHh1N/nhCcLm

Score

10^/10

Malware Config

Targets

- Target
  
  Creative_Brift_Marketing/Creative Brift Marketing Sneaker Daily Deal (6 month plan).lnk
- Size
  
  2KB
- MD5
  
  d555393c916ab9e4e58f027550375e2b
- SHA1
  
  a63e4defb613ee8e3543bdb43046d727710e65a0
- SHA256
  
  4d6eb5362d88fbc0d72285c12538b7233529f2ced117aa07bb6d2cd22a6c3db1
- SHA512
  
  ab6712f292f132631b92c183f694ee4637e64ac02ed71c72a03a8344ac6bb7c5ecac703676a23706259e6528fd0a95573bdb4de820bbf589c4fc4c9d898f0e4b
Score

10^/10

defense_evasion execution asyncrat stormkitty venomrat discovery persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Creative_Brift_Marketing/Potential products want to increase sales/job.bin
- Size
  
  30.6MB
- MD5
  
  f01f7141f5dcb2161ee0701949f91e70
- SHA1
  
  28d2427ee1cd5f4c2a17f020bfaea95daece07d6
- SHA256
  
  68225e21f08b08bd1890e8e0a5d1b379cd9692a2c4a43bffd7ea6bee5e5b409d
- SHA512
  
  6cd177e2d4b385365eb9f549d2f869f1a40483e1c8a4fe0655146c7ca28090cdf14ac9c2a8a1cb7c385f6f824fe2da422b1714cb2ca851a0d1a18cb3be2a31e1
- SSDEEP
  
  49152:/0p9Wz0S8ygXipUpxf2H21a1RFvpB8ciXBXsdO6QKUP+Vzfcw3S6T3G4n/1kbC9z:5
Score

10^/10

asyncrat stormkitty venomrat discovery execution persistence rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4