asyncrat | 1c98e715eb65ef733d18ece227297105e5dcea55ab37dc177778da3ff714da21 | Triage

Submit
Reports

Overview

overview

Static

static

1

1c98e715eb...21.ps1

windows7-x64

8

1c98e715eb...21.ps1

windows10-2004-x64

Sharing

General

Target

1c98e715eb65ef733d18ece227297105e5dcea55ab37dc177778da3ff714da21.ps1
Size

168B
Sample

250103-dsgc4aznhn
MD5

2dc54835b9c45ed739a864b1732f7cd6
SHA1

7df3a0414a8972dcb6c025f14646d8570a117b40
SHA256

1c98e715eb65ef733d18ece227297105e5dcea55ab37dc177778da3ff714da21
SHA512

42a57f6d58b302e3a239dbb2e1f282d1b8d1446f93bc60e65933da64361a876c238d12b2eae3ab53eaf20f1973888714363e628beb9d718a9f5d827416aea40f

Score

10^/10

asyncrat stormkitty discovery execution rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

1c98e715eb65ef733d18ece227297105e5dcea55ab37dc177778da3ff714da21.ps1

Resource

win7-20240729-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c98e715eb65ef733d18ece227297105e5dcea55ab37dc177778da3ff714da21.ps1

Resource

win10v2004-20241007-en

asyncrat stormkitty discovery execution rat stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c98e715eb65ef733d18ece227297105e5dcea55ab37dc177778da3ff714da21.ps1
- Size
  
  168B
- MD5
  
  2dc54835b9c45ed739a864b1732f7cd6
- SHA1
  
  7df3a0414a8972dcb6c025f14646d8570a117b40
- SHA256
  
  1c98e715eb65ef733d18ece227297105e5dcea55ab37dc177778da3ff714da21
- SHA512
  
  42a57f6d58b302e3a239dbb2e1f282d1b8d1446f93bc60e65933da64361a876c238d12b2eae3ab53eaf20f1973888714363e628beb9d718a9f5d827416aea40f
Score

10^/10

execution asyncrat stormkitty discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Drops startup file
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstormkittydiscoveryexecutionratstealer

© 2018-2025

Terms | Privacy