asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_517d641dad9471b535955fcf15ab628b58c78084f2239f6846b64c36f9411c93
Size

940KB
Sample

241226-zcz16ayngx
MD5

4d6ab20585485a36d039dfb3b5a65657
SHA1

b5f7372330f0d5610ba5f052f583d7da7004ba57
SHA256

517d641dad9471b535955fcf15ab628b58c78084f2239f6846b64c36f9411c93
SHA512

9f35e6c774715b2bb85362c52802a703caf95ce7e90a548c2aab4e66710a21edb0cd74efc123bd75debd52aa06d1c93315b6fe93ab5217443b992ab5a3138d69
SSDEEP

12288:WrWqDE9wXjSqvSlOCzIZQtEsc5RlQfW1ejAKrfwZJwUDCEJl0MZdrWqDEfrWqFxL:WrV9XzvUzImE1R493ue0rJlz/rVOr3h

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot1931615329:AAFxC8GzmBvOI3AyvA7Xz9jpOCJy7wc6kXg/sendMessage?chat_id=1130730583

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Steam Checker by MrViper/Steam checker.exe
- Size
  
  175KB
- MD5
  
  ec3ee0382b2a468ec1be4006b9dd0d74
- SHA1
  
  994b8fc55aab829d1b15167dc03cd8a7e69fb259
- SHA256
  
  c814a966f3b992c38a5e2aefba28d36afc16afb6373d6d35a43da77f64262b65
- SHA512
  
  aa2580ed54030efd034f814d89d7453caf89b3b16d134597b63b233ec4f75d0247b63e352a4f22632cd2f1591ac15ce8ddb496707e53a76802e5ffeb7a22a1b8
- SSDEEP
  
  3072:Me8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTtwAqE+Wpor:lXtb5KcXr7XmfgqtjhAxZ0b2i
Score

10^/10

asyncrat stormkitty default discovery persistence privilege_escalation rat spyware stealer phishing
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- A potential corporate email address has been identified in the URL: WorldWindProResultsDate2024122683520PMSystemWindows10Pro64BitUsernameAdminCompNameHGNBWBGWLanguageenUSAntivirusNotinstalledHardwareCPU12thGenIntelRCoreTMi512400GPUMicrosoftBasicDisplayAdapterRAM16154MBHWIDUnknownPowerNoSystemBattery1Screen1280x720NetworkGatewayIP10.127.0.1InternalIP10.127.1.45ExternalIP181.215.176.83BSSID3e5b0eb42941DomainsinfoBankLogsNodataCryptoLogsNodataFreakyLogsNodataLogsBookmarks5SoftwareDeviceWindowsproductkeyDesktopscreenshotFileGrabberDatabasefiles6TelegramChannel@XSplinter
  phishing
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2
- Target
  
  Steam Checker by MrViper/configs/DotNetZip.dll
- Size
  
  448KB
- MD5
  
  6d1c62ec1c2ef722f49b2d8dd4a4df16
- SHA1
  
  1bb08a979b7987bc7736a8cfa4779383cb0ecfa6
- SHA256
  
  00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c
- SHA512
  
  c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2
- SSDEEP
  
  6144:FuCIjOL8qwWN/jMlC/XiapWSu9vnITVxGtSV41kJDsTDD5rlGe6wfxLV/7:dZLJLdvOSsnjS4csBrge6sf7
Score

1^/10
behavioral3 behavioral4
- Target
  
  Steam Checker by MrViper/configs/Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral5 behavioral6
- Target
  
  Steam Checker by MrViper/configs/MetroFramework.Design.dll
- Size
  
  16KB
- MD5
  
  c853e9e8c720249198ff376f42328ef9
- SHA1
  
  a56ee195148023571e26ffeaa5a736bc73a76c40
- SHA256
  
  28089707733c92c7fade97e7b6fab4007e7b8bfd6dc7a8526a3ea597f1a30845
- SHA512
  
  d21cf5cfe0a5e2f7d4c128e64e0decee28028297c804319fb957b1f0e60d62e3103976b95abc3d2bd5ba66801cb5fe9bef4bae067273079177be28c73132c739
- SSDEEP
  
  384:k1q4fJwcRJTxK0JLBamLGqPkO9V1VFf5L7W1OYKjbq9w:6q4hwcRBJLBamSqPkO9V1ViGq9
Score

1^/10
behavioral7 behavioral8
- Target
  
  Steam Checker by MrViper/configs/MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  b8c8a532438c4b421081efb258355469
- SHA1
  
  41aa88d5eaf398da55f712f30226b70492125be1
- SHA256
  
  15a605129cac3663ba1ddb98f5798334fba5e7954ee36a69727299b4e366c2eb
- SHA512
  
  511070c8cfe018e60e11d495393152e10aa2aa0c08cde84678ef3a0efd63ae5c562a47bfab883f4babd469b1873127bacc9c986cb2bc096985176f1dbf93b1fc
- SSDEEP
  
  12288:5+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:5+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

1^/10
behavioral10 behavioral9
- Target
  
  Steam Checker by MrViper/configs/MetroFramework.dll
- Size
  
  313KB
- MD5
  
  b20f1b5e3d4e3df2d826e9870637cd06
- SHA1
  
  a03bb47afdf9498be409ed5b56e945f6e143fb32
- SHA256
  
  9e58f13deb328455f216f165588b5f5111ecd12042d7dd196686dfb0f0fc68eb
- SHA512
  
  095c5956ebc114c4b380d2b43981bcabd221782530328a51cb2c6aec05a016dad2e5efae36810f6840611f77f589be1e1e7f2200738df3bca222381837033b2d
- SSDEEP
  
  6144:Ys+J/PxfbpAQ1bZHE7Zhm6uOw0g749O2:qJ/PxzpAObhV6uO99O
Score

1^/10
behavioral11 behavioral12
- Target
  
  Steam Checker by MrViper/configs/Mono.Cecil.dll
- Size
  
  273KB
- MD5
  
  80ea4bfe7944e2f384d97488c83d9d25
- SHA1
  
  18789622bdff9d99683504faf2a302a194e3b6c0
- SHA256
  
  1a1565804348c2e621e0a509cedaa516eeb7e9fadfbeefe58e1e9cf8ec16b915
- SHA512
  
  561e8c8465c1989dcc6c03b221f24c0f5c0ee278ff244d171f1761c79ee83debcb00973e2027be28ae77e47956a192b2a4a019e83b2802c62639f5d375aabe5b
- SSDEEP
  
  6144:P0eCY7BUB5SH41/sE0oWZSSCvXb9PKdJDkPWeUP:syK7t1EKWZS1vXbw
Score

1^/10
behavioral13 behavioral14
- Target
  
  Mono.Cecil - Copy.dll
- Size
  
  273KB
- MD5
  
  80ea4bfe7944e2f384d97488c83d9d25
- SHA1
  
  18789622bdff9d99683504faf2a302a194e3b6c0
- SHA256
  
  1a1565804348c2e621e0a509cedaa516eeb7e9fadfbeefe58e1e9cf8ec16b915
- SHA512
  
  561e8c8465c1989dcc6c03b221f24c0f5c0ee278ff244d171f1761c79ee83debcb00973e2027be28ae77e47956a192b2a4a019e83b2802c62639f5d375aabe5b
- SSDEEP
  
  6144:P0eCY7BUB5SH41/sE0oWZSSCvXb9PKdJDkPWeUP:syK7t1EKWZS1vXbw
Score

1^/10
behavioral15 behavioral16
- Target
  
  Steam Checker by MrViper/configs/compiler.dll
- Size
  
  273KB
- MD5
  
  80ea4bfe7944e2f384d97488c83d9d25
- SHA1
  
  18789622bdff9d99683504faf2a302a194e3b6c0
- SHA256
  
  1a1565804348c2e621e0a509cedaa516eeb7e9fadfbeefe58e1e9cf8ec16b915
- SHA512
  
  561e8c8465c1989dcc6c03b221f24c0f5c0ee278ff244d171f1761c79ee83debcb00973e2027be28ae77e47956a192b2a4a019e83b2802c62639f5d375aabe5b
- SSDEEP
  
  6144:P0eCY7BUB5SH41/sE0oWZSSCvXb9PKdJDkPWeUP:syK7t1EKWZS1vXbw
Score

1^/10
behavioral17 behavioral18