asyncrat

General

Target

test.exe
Size

175KB
Sample

241222-chrkmsyqfl
MD5

db6d3e08853f4d416f64f3c01700a413
SHA1

231f433e48d1f4c30563cc0e6c0959158111079d
SHA256

298b3d94cbab43bff7da317680be62aa3ca834e7122c4773e77bee7c233fd865
SHA512

338d0397310fe6b5d7f206c3f9bfea5fb4f09a1b65d6db3b90093d5bba114bbdcedbc114ec89fc0d95cfa1532040b1559e760512a748ef57d4363933bfd46cad
SSDEEP

3072:ke8RWZghNJUsyPZ/Z/b9jv0cU+lL/dMlZZUZ0b2gTLXwARE+WpCL:MWZGNJUseZ/Z90c5MlYZ0b24

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  test.exe
- Size
  
  175KB
- MD5
  
  db6d3e08853f4d416f64f3c01700a413
- SHA1
  
  231f433e48d1f4c30563cc0e6c0959158111079d
- SHA256
  
  298b3d94cbab43bff7da317680be62aa3ca834e7122c4773e77bee7c233fd865
- SHA512
  
  338d0397310fe6b5d7f206c3f9bfea5fb4f09a1b65d6db3b90093d5bba114bbdcedbc114ec89fc0d95cfa1532040b1559e760512a748ef57d4363933bfd46cad
- SSDEEP
  
  3072:ke8RWZghNJUsyPZ/Z/b9jv0cU+lL/dMlZZUZ0b2gTLXwARE+WpCL:MWZGNJUseZ/Z90c5MlYZ0b24
Score

10^/10

asyncrat stormkitty default discovery persistence phishing privilege_escalation rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- A potential corporate email address has been identified in the URL: WorldWindProResultsDate2024122220511AMSystemWindows10EnterpriseLTSC64BitUsernameAdminCompNameWYKESHLMLanguageenUSAntivirusWindowsDefender.HardwareCPU12thGenIntelRCoreTMi512400GPUMicrosoftBasicDisplayAdapterRAM16157MBHWIDUnknownPowerNoSystemBattery1Screen1280x720NetworkGatewayIP10.127.0.1InternalIP10.127.0.106ExternalIP181.215.176.83BSSID82243e0bb52cDomainsinfoBankLogsNodataCryptoLogsNodataFreakyLogsNodataLogsBookmarks5SoftwareDeviceWindowsproductkeyDesktopscreenshotFileGrabberDatabasefiles4TelegramChannel@XSplinter
  phishing
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1