asyncrat | e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675 | Triage

Submit
Reports

Overview

overview

Static

static

3

nj230708full.pdf.exe

windows11-21h2-x64

Resubmissions

16-12-2024 09:53

241216-lw48bsvpfy 10

16-12-2024 09:15

241216-k739qsvmgp 10

Sharing

General

Target

nj230708full.pdf.exe
Size

2.6MB
Sample

241216-lw48bsvpfy
MD5

bd216fdea8517b5beb003e0ac03f536e
SHA1

a3f3d4395b74da605bb1e068c846ccb531213f38
SHA256

e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675
SHA512

57dadcbd826b9d2cd99e82d1ba5ada998219378d9c1782388de06c9a2dddc754ec32ca89682cc56e5f38dd55e1a57ce5bd5cb2482ba655ecbbd76206f353d694
SSDEEP

49152:ztJyfM3mq+li7JeXVn2GljPUXSrVFADPtMieH5nqwTs8X3jkXcMt:JUKmzi7Je4GljPUCrzAiieZq8IX3t

Score

10^/10

asyncrat stormkitty discovery execution rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

nj230708full.pdf.exe

Resource

win11-20241007-en

asyncrat stormkitty discovery execution rat stealer

windows11-21h2-x64

23 signatures

600 seconds

Malware Config

Targets

- Target
  
  nj230708full.pdf.exe
- Size
  
  2.6MB
- MD5
  
  bd216fdea8517b5beb003e0ac03f536e
- SHA1
  
  a3f3d4395b74da605bb1e068c846ccb531213f38
- SHA256
  
  e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675
- SHA512
  
  57dadcbd826b9d2cd99e82d1ba5ada998219378d9c1782388de06c9a2dddc754ec32ca89682cc56e5f38dd55e1a57ce5bd5cb2482ba655ecbbd76206f353d694
- SSDEEP
  
  49152:ztJyfM3mq+li7JeXVn2GljPUXSrVFADPtMieH5nqwTs8X3jkXcMt:JUKmzi7Je4GljPUCrzAiieZq8IX3t
Score

10^/10

asyncrat stormkitty discovery execution rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittydiscoveryexecutionratstealer

© 2018-2024

Terms | Privacy