asyncrat | 5d07ad572a6a37d07d0b7ca990087960ad8850d7cfc56b8c7270c826c70fb56b | Triage

Sharing

General

Target

random.exe
Size

846KB
Sample

250126-p4rhzssrdp
MD5

c3d89e95bfb66f5127ac1f2f3e1bd665
SHA1

bd79a4a17cc8ad63abdde20d9de02d55d54903f9
SHA256

5d07ad572a6a37d07d0b7ca990087960ad8850d7cfc56b8c7270c826c70fb56b
SHA512

d85116e24cf07f3063837fab1859ae6d9313dd269e28844900cbebe7521df8c65db97bc122bb097e9887d686bdf8f786b93a06208d762fded9035d2c6448a111
SSDEEP

24576:+VIFvGC3R+NVgcijiCnjWii1bAL3ztlmAQJut:Cg2VghqVRKz6AQwt

Score

10^/10

asyncrat stormkitty default discovery rat stealer

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

159.100.19.137:7707

Mutex

yBu0GW2G5zAc

Attributes

delay
3
install
false
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  random.exe
- Size
  
  846KB
- MD5
  
  c3d89e95bfb66f5127ac1f2f3e1bd665
- SHA1
  
  bd79a4a17cc8ad63abdde20d9de02d55d54903f9
- SHA256
  
  5d07ad572a6a37d07d0b7ca990087960ad8850d7cfc56b8c7270c826c70fb56b
- SHA512
  
  d85116e24cf07f3063837fab1859ae6d9313dd269e28844900cbebe7521df8c65db97bc122bb097e9887d686bdf8f786b93a06208d762fded9035d2c6448a111
- SSDEEP
  
  24576:+VIFvGC3R+NVgcijiCnjWii1bAL3ztlmAQJut:Cg2VghqVRKz6AQwt
Score

10^/10

discovery asyncrat stormkitty default rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratstormkittydefaultdiscoveryratstealer