asyncrat | 850fa36792359354c8b5cf86ebb2d6923aa64dece7fc5d555d90d156eaa0409e | Triage

Submit
Reports

Overview

overview

Static

static

5

850fa36792...9e.exe

windows7-x64

850fa36792...9e.exe

windows10-2004-x64

Sharing

General

Target

850fa36792359354c8b5cf86ebb2d6923aa64dece7fc5d555d90d156eaa0409e.exe
Size

1.1MB
Sample

250111-ewb38atkcv
MD5

a7649256fce8b15959edd1004df7781b
SHA1

314294d940b110265283531e9e62b3dea6fb4506
SHA256

850fa36792359354c8b5cf86ebb2d6923aa64dece7fc5d555d90d156eaa0409e
SHA512

8b06a739f05a731d7edafe7bbc9b6a6e083dbb3d8d96fe1bba110147401caf8bd1b51268cf1db0ad15dbd92b584c3a3d6174dfdee47669b9f8b6510735c4cf5b
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8a61V9rWmEbmJsR:2TvC/MTQYxsWR7a6H9rbESJ

Score

10^/10

asyncrat stormkitty default discovery persistence privilege_escalation rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

850fa36792359354c8b5cf86ebb2d6923aa64dece7fc5d555d90d156eaa0409e.exe

Resource

win7-20240903-en

asyncrat stormkitty default discovery persistence privilege_escalation rat stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

850fa36792359354c8b5cf86ebb2d6923aa64dece7fc5d555d90d156eaa0409e.exe

Resource

win10v2004-20241007-en

asyncrat stormkitty default discovery persistence privilege_escalation rat stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7935009733:AAGBu91qWsmUHTs2GabvLt2Z62A3M4QqyqE/sendMessage?chat_id=6779103906

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  850fa36792359354c8b5cf86ebb2d6923aa64dece7fc5d555d90d156eaa0409e.exe
- Size
  
  1.1MB
- MD5
  
  a7649256fce8b15959edd1004df7781b
- SHA1
  
  314294d940b110265283531e9e62b3dea6fb4506
- SHA256
  
  850fa36792359354c8b5cf86ebb2d6923aa64dece7fc5d555d90d156eaa0409e
- SHA512
  
  8b06a739f05a731d7edafe7bbc9b6a6e083dbb3d8d96fe1bba110147401caf8bd1b51268cf1db0ad15dbd92b584c3a3d6174dfdee47669b9f8b6510735c4cf5b
- SSDEEP
  
  24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8a61V9rWmEbmJsR:2TvC/MTQYxsWR7a6H9rbESJ
Score

10^/10

asyncrat stormkitty default discovery persistence privilege_escalation rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratstealer

behavioral2

asyncratstormkittydefaultdiscoverypersistenceprivilege_escalationratstealer

© 2018-2025

Terms | Privacy