asyncrat | e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675 | Triage

Submit
Reports

Overview

overview

Static

static

3

nj230708full.pdf.exe

windows7-x64

nj230708full.pdf.exe

windows10-2004-x64

Sharing

General

Target

nj230708full.pdf.exe
Size

2.6MB
Sample

241216-lby6kstqdx
MD5

bd216fdea8517b5beb003e0ac03f536e
SHA1

a3f3d4395b74da605bb1e068c846ccb531213f38
SHA256

e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675
SHA512

57dadcbd826b9d2cd99e82d1ba5ada998219378d9c1782388de06c9a2dddc754ec32ca89682cc56e5f38dd55e1a57ce5bd5cb2482ba655ecbbd76206f353d694
SSDEEP

49152:ztJyfM3mq+li7JeXVn2GljPUXSrVFADPtMieH5nqwTs8X3jkXcMt:JUKmzi7Je4GljPUCrzAiieZq8IX3t

Score

10^/10

asyncrat stormkitty venomrat discovery rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

nj230708full.pdf.exe

Resource

win7-20240903-en

asyncrat stormkitty venomrat discovery rat stealer

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

nj230708full.pdf.exe

Resource

win10v2004-20241007-en

asyncrat stormkitty venomrat discovery rat stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  nj230708full.pdf.exe
- Size
  
  2.6MB
- MD5
  
  bd216fdea8517b5beb003e0ac03f536e
- SHA1
  
  a3f3d4395b74da605bb1e068c846ccb531213f38
- SHA256
  
  e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675
- SHA512
  
  57dadcbd826b9d2cd99e82d1ba5ada998219378d9c1782388de06c9a2dddc754ec32ca89682cc56e5f38dd55e1a57ce5bd5cb2482ba655ecbbd76206f353d694
- SSDEEP
  
  49152:ztJyfM3mq+li7JeXVn2GljPUXSrVFADPtMieH5nqwTs8X3jkXcMt:JUKmzi7Je4GljPUCrzAiieZq8IX3t
Score

10^/10

asyncrat stormkitty venomrat discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittyvenomratdiscoveryratstealer

behavioral2

asyncratstormkittyvenomratdiscoveryratstealer

© 2018-2024

Terms | Privacy