asyncrat

General

Target

Server.exe
Size

175KB
Sample

250208-tqwb8strft
MD5

afd5b15ef7e12b0c6469d5a6e853ba7c
SHA1

fd004564b996b2aa7838264322c39c3e043f83d6
SHA256

7c607526feaf1f53ac61c84b4d95fba30c7209b86a0426a1b8c72dbb94ec3747
SHA512

46dc3e43df92888461104f9d6579bae87fb62b318a7d0f01bad7ff643ffd649527c877769feb3fe4821ed7d99b2a45c2bdf198369be5a250cc4ad84d2ea106ce
SSDEEP

3072:3e8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTTwARE+WpCc:v6ewwIwQJ6vKX0c5MlYZ0b2w

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7926380598:AAFjRd_Ca7fbAplbMEhSA_VRzJUZjWDMlws/sendMessage?chat_id=6632870164

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Server.exe
- Size
  
  175KB
- MD5
  
  afd5b15ef7e12b0c6469d5a6e853ba7c
- SHA1
  
  fd004564b996b2aa7838264322c39c3e043f83d6
- SHA256
  
  7c607526feaf1f53ac61c84b4d95fba30c7209b86a0426a1b8c72dbb94ec3747
- SHA512
  
  46dc3e43df92888461104f9d6579bae87fb62b318a7d0f01bad7ff643ffd649527c877769feb3fe4821ed7d99b2a45c2bdf198369be5a250cc4ad84d2ea106ce
- SSDEEP
  
  3072:3e8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTTwARE+WpCc:v6ewwIwQJ6vKX0c5MlYZ0b2w
Score

10^/10

asyncrat stormkitty default discovery persistence privilege_escalation rat spyware stealer adware
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Drops file in System32 directory
behavioral1 behavioral2