asyncrat | 8a1b3e2cd6e7eeebf0154db95342287a17334200fd71249e5daed74becc344b3 | Triage

Submit
Reports

Overview

overview

Static

static

3

9c2838e120...68.dll

windows7-x64

8

9c2838e120...68.dll

windows10-2004-x64

Sharing

General

Target

33ae2b9c3e710254fe2e2ce35ff8a7c8.bin
Size

49KB
Sample

250104-bhcwtasrbx
MD5

62eaea03ee629b6564510a8ed3b93e5d
SHA1

417c541f22633cea6c104716d270baa3f1a89d4a
SHA256

8a1b3e2cd6e7eeebf0154db95342287a17334200fd71249e5daed74becc344b3
SHA512

442dc6a5ba12a178f9c65f0c94335a633fe71203f26c26c5a4cf05d86c0aa50ddde05fff61d8a72e2f7548901e66b3081c46661b2d95135a670457d32245db31
SSDEEP

1536:rMn6YZ5xEewlXh5r54xKs/SsIJvL6aENz60mCL7t:uv/8IYsSv2VNVJ

Score

10^/10

asyncrat stormkitty discovery execution rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9c2838e120c7ed5b582bedc6177f14a52aa578adeea269d0f96fc71a95bd6e68.dll

Resource

win7-20240903-en

discovery execution

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c2838e120c7ed5b582bedc6177f14a52aa578adeea269d0f96fc71a95bd6e68.dll

Resource

win10v2004-20241007-en

asyncrat stormkitty discovery execution rat stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  9c2838e120c7ed5b582bedc6177f14a52aa578adeea269d0f96fc71a95bd6e68.dll
- Size
  
  88KB
- MD5
  
  33ae2b9c3e710254fe2e2ce35ff8a7c8
- SHA1
  
  109e32187254b27e04ef18bbe1b48fad42bca841
- SHA256
  
  9c2838e120c7ed5b582bedc6177f14a52aa578adeea269d0f96fc71a95bd6e68
- SHA512
  
  2abe017e2f1d29fe789206d6483b9b33e7abd0871300d678eaba15e390d55c5e197d6cea6ea32dfdee5f65d082574adcc192a4fc0c9506bbba8ad7e957e12599
- SSDEEP
  
  1536:L02ifPleVQ8zxlaSRslYzy26igsbuNdn4fuH1e6tsWy4cdlETcgS/iG:5iV4Qaxltsl/ggsCN3oBlQcgkiG
Score

10^/10

discovery execution asyncrat stormkitty rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratstormkittydiscoveryexecutionratstealer

© 2018-2025

Terms | Privacy