asyncrat | 9c2838e120c7ed5b582bedc6177f14a52aa578adeea269d0f96fc71a95bd6e68 | Triage

Submit
Reports

Overview

overview

Static

static

3

iviewers.dll

windows7-x64

8

iviewers.dll

windows10-2004-x64

Sharing

General

Target

iviewers.dll
Size

88KB
Sample

250102-wwhz7szrev
MD5

33ae2b9c3e710254fe2e2ce35ff8a7c8
SHA1

109e32187254b27e04ef18bbe1b48fad42bca841
SHA256

9c2838e120c7ed5b582bedc6177f14a52aa578adeea269d0f96fc71a95bd6e68
SHA512

2abe017e2f1d29fe789206d6483b9b33e7abd0871300d678eaba15e390d55c5e197d6cea6ea32dfdee5f65d082574adcc192a4fc0c9506bbba8ad7e957e12599
SSDEEP

1536:L02ifPleVQ8zxlaSRslYzy26igsbuNdn4fuH1e6tsWy4cdlETcgS/iG:5iV4Qaxltsl/ggsCN3oBlQcgkiG

Score

10^/10

asyncrat stormkitty venomrat discovery execution rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

iviewers.dll

Resource

win7-20240903-en

discovery execution

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

iviewers.dll

Resource

win10v2004-20241007-en

asyncrat stormkitty venomrat discovery execution rat stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  iviewers.dll
- Size
  
  88KB
- MD5
  
  33ae2b9c3e710254fe2e2ce35ff8a7c8
- SHA1
  
  109e32187254b27e04ef18bbe1b48fad42bca841
- SHA256
  
  9c2838e120c7ed5b582bedc6177f14a52aa578adeea269d0f96fc71a95bd6e68
- SHA512
  
  2abe017e2f1d29fe789206d6483b9b33e7abd0871300d678eaba15e390d55c5e197d6cea6ea32dfdee5f65d082574adcc192a4fc0c9506bbba8ad7e957e12599
- SSDEEP
  
  1536:L02ifPleVQ8zxlaSRslYzy26igsbuNdn4fuH1e6tsWy4cdlETcgS/iG:5iV4Qaxltsl/ggsCN3oBlQcgkiG
Score

10^/10

discovery execution asyncrat stormkitty venomrat rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratstormkittyvenomratdiscoveryexecutionratstealer

© 2018-2025

Terms | Privacy