asyncrat | 6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
Size

3.0MB
MD5

732db9390cc94d898d874b151b1a512d
SHA1

e9f25950c2b525a5658129cf9601545546f95454
SHA256

6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c
SHA512

7aae4b8d7c5746cc26e0927696ddac4907561efbff8772b65ad36b4525a4730ecbf5b513eb9896be26b193f74e7d3cbff23c928168757a472206eee4cabb0b3e
SSDEEP

49152:0GVLgqHU3mdatQdsgUBX3B3kNC3H6vUZNr/N2e:0GFQ3mdatQSQ

Score

10^/10

asyncrat stormkitty venomrat rat stealer

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral1/memory/352-1-0x0000000000E80000-0x0000000001184000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty

VenomRAT 1 IoCs

Detects VenomRAT.

rat

resource	yara_rule
behavioral1/memory/352-1-0x0000000000E80000-0x0000000001184000-memory.dmp	VenomRAT

Venomrat family
venomrat

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
352	6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe

C:\Users\Admin\AppData\Local\Temp\6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe
"C:\Users\Admin\AppData\Local\Temp\6bd9630999522db1db619d66da46f5b83e466d1612bc62c5799007d58f52ed8c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/352-0-0x000007FEF6083000-0x000007FEF6084000-memory.dmp

Filesize
4KB

Download
memory/352-1-0x0000000000E80000-0x0000000001184000-memory.dmp

Filesize
3.0MB

Download
memory/352-2-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/352-3-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/352-4-0x000007FEF6083000-0x000007FEF6084000-memory.dmp

Filesize
4KB

Download
memory/352-5-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/352-6-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download