asyncrat

General

Target

c10d8c90ddf07b2e6a1167ceb755559ff7a1305cdf0b0aca78771903504f10ee.zip
Size

2KB
Sample

250107-ac7nkawrar
MD5

65c8115dabcc202be32249a26321fcad
SHA1

8789f4cd12c7b07168e1411433f64ddc20214603
SHA256

c10d8c90ddf07b2e6a1167ceb755559ff7a1305cdf0b0aca78771903504f10ee
SHA512

5bf9d9b35f0ad81f1e9e91497008b50d038d894dd73a6a5dc166a108aa63847cd0026dc3539f65a64dae6634451635c939c3c8afee5801c714298e17f101fe58

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

Targets

- Target
  
  c10d8c90ddf07b2e6a1167ceb755559ff7a1305cdf0b0aca78771903504f10ee.zip
- Size
  
  2KB
- MD5
  
  65c8115dabcc202be32249a26321fcad
- SHA1
  
  8789f4cd12c7b07168e1411433f64ddc20214603
- SHA256
  
  c10d8c90ddf07b2e6a1167ceb755559ff7a1305cdf0b0aca78771903504f10ee
- SHA512
  
  5bf9d9b35f0ad81f1e9e91497008b50d038d894dd73a6a5dc166a108aa63847cd0026dc3539f65a64dae6634451635c939c3c8afee5801c714298e17f101fe58
Score

10^/10

execution asyncrat lumma stormkitty discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Lumma Stealer, LummaC

Lumma family

StormKitty

StormKitty payload

Stormkitty family

Blocklisted process makes network request

Downloads MZ/PE file

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2