asyncrat

General

Target

b0d971e42d6818273641302dc8e7834559ba53fb83a6b65f8a716a4dde3d0154N.exe
Size

175KB
Sample

241217-dpth9aymcw
MD5

94aab2572e95a3b461d7ba8e31469960
SHA1

7891fa42356d83496eeda19102e0a7105db19b85
SHA256

b0d971e42d6818273641302dc8e7834559ba53fb83a6b65f8a716a4dde3d0154
SHA512

c22454c88b772ef57d0075f912c98e21fd2b13b38a12fd2b5af4c538fb2670910a7c80c8f7cf7d32aa84cff1ce18ec820258621ad2558409e248f6922c307d60
SSDEEP

3072:Ye8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gT1wARE+WpCc:M6ewwIwQJ6vKX0c5MlYZ0b2O

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7628237356:AAH55BkKJR1tbXeHyRjNJLUas_rTNml9WUw/sendMessage?chat_id=7420289535

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b0d971e42d6818273641302dc8e7834559ba53fb83a6b65f8a716a4dde3d0154N.exe
- Size
  
  175KB
- MD5
  
  94aab2572e95a3b461d7ba8e31469960
- SHA1
  
  7891fa42356d83496eeda19102e0a7105db19b85
- SHA256
  
  b0d971e42d6818273641302dc8e7834559ba53fb83a6b65f8a716a4dde3d0154
- SHA512
  
  c22454c88b772ef57d0075f912c98e21fd2b13b38a12fd2b5af4c538fb2670910a7c80c8f7cf7d32aa84cff1ce18ec820258621ad2558409e248f6922c307d60
- SSDEEP
  
  3072:Ye8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gT1wARE+WpCc:M6ewwIwQJ6vKX0c5MlYZ0b2O
Score

10^/10

asyncrat stormkitty default discovery persistence privilege_escalation rat spyware stealer phishing
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- A potential corporate email address has been identified in the URL: WorldWindProResultsDate2024121731133AMSystemWindows10Pro64BitUsernameAdminCompNameGYHASOLSLanguageenUSAntivirusNotinstalledHardwareCPU12thGenIntelRCoreTMi512400GPUMicrosoftBasicDisplayAdapterRAM16154MBHWIDUnknownPowerNoSystemBattery1Screen1280x720NetworkGatewayIP10.127.0.1InternalIP10.127.0.119ExternalIP181.215.176.83BSSID2ea76d080940DomainsinfoBankLogsNodataCryptoLogsNodataFreakyLogsNodataLogsBookmarks5SoftwareDeviceWindowsproductkeyDesktopscreenshotFileGrabberDatabasefiles6TelegramChannel@XSplinter
  phishing
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2