asyncrat | 7066e4a496d83ee1b677ade06c868a432bb4a0dd364b19ee184147a527b11c10 | Triage

Submit
Reports

Overview

overview

Static

static

1

gqub.bat

windows7-x64

8

gqub.bat

windows10-2004-x64

Sharing

General

Target

gqub.bat
Size

3KB
Sample

250101-js9mja1rfk
MD5

bb445d197063475c8d78de4f0825753c
SHA1

158a8e3b278affe7c1185aad67683e4253cf53dd
SHA256

7066e4a496d83ee1b677ade06c868a432bb4a0dd364b19ee184147a527b11c10
SHA512

173cd8a56e2fa6e8db33bc13870f8751473251aa80be2235321e62b0f84961e9fd00a236aec63342d73f262dbc7c2a920951a1a8f41707ca6640e673f21c4307

Score

10^/10

asyncrat stormkitty venomrat discovery execution rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

gqub.bat

Resource

win7-20241010-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

gqub.bat

Resource

win10v2004-20241007-en

asyncrat stormkitty venomrat discovery execution rat stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  gqub.bat
- Size
  
  3KB
- MD5
  
  bb445d197063475c8d78de4f0825753c
- SHA1
  
  158a8e3b278affe7c1185aad67683e4253cf53dd
- SHA256
  
  7066e4a496d83ee1b677ade06c868a432bb4a0dd364b19ee184147a527b11c10
- SHA512
  
  173cd8a56e2fa6e8db33bc13870f8751473251aa80be2235321e62b0f84961e9fd00a236aec63342d73f262dbc7c2a920951a1a8f41707ca6640e673f21c4307
Score

10^/10

execution asyncrat stormkitty venomrat discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstormkittyvenomratdiscoveryexecutionratstealer

© 2018-2025

Terms | Privacy