asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

BuilderWorldWindPro.zip
Size

1.2MB
Sample

250212-rg1jgsvmdv
MD5

1a13f22219851b49296ede39fcc1f65c
SHA1

353bd26f2da850e5cd596ef58e3dc96dce5bd85b
SHA256

40fb046cd3a136a4c55338295b05b887ea1de0ed7b7ae58fc0d3dc83ae54cba1
SHA512

31c587b2da90256086a740a1cf3373f64a831ede833c3393b0e6656dc467aab1c7cadf0e96c74f18bc383e41dbb985117dfc92afb5ce26a4abfcb79394366e23
SSDEEP

24576:yBPkCkNVx9Ef4cQ+KG7SKaZ5g3hYiaThGKvIkrlb4yBpssssssss0P0uxRwlL93:okNVx9QVQWOKT3/a1wkrlb10PVxSv3

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Builder WorldWind Pro/Builder WorldWind Pro.exe
- Size
  
  506KB
- MD5
  
  e5fb57e8214483fd395bd431cb3d1c4b
- SHA1
  
  60e22fc9e0068c8156462f003760efdcac82766b
- SHA256
  
  e389fc5782f754918a10b020adcd8faa11c25658b8d6f8cbc49f9ac3a7637684
- SHA512
  
  dc2ed0421db7dd5a3afeacb6a9f5017c97fc07d0b2d1745b50ede50087a58245d31d6669077a672b32541dbfa233ef87260a37be48de3bd407d8c587fc903d89
- SSDEEP
  
  12288:zrUQw+2uPHL2hWsL94HPkH+oG7kSKT5T:wVuPr2hWsL94y+oG1K5
Score

10^/10

redline discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Downloads MZ/PE file
behavioral1 behavioral2
- Target
  
  Builder WorldWind Pro/DotNetZip.dll
- Size
  
  448KB
- MD5
  
  6d1c62ec1c2ef722f49b2d8dd4a4df16
- SHA1
  
  1bb08a979b7987bc7736a8cfa4779383cb0ecfa6
- SHA256
  
  00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c
- SHA512
  
  c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2
- SSDEEP
  
  6144:FuCIjOL8qwWN/jMlC/XiapWSu9vnITVxGtSV41kJDsTDD5rlGe6wfxLV/7:dZLJLdvOSsnjS4csBrge6sf7
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral3 behavioral4
- Target
  
  Builder WorldWind Pro/Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral5 behavioral6
- Target
  
  Builder WorldWind Pro/MetroFramework.Design.dll
- Size
  
  16KB
- MD5
  
  c853e9e8c720249198ff376f42328ef9
- SHA1
  
  a56ee195148023571e26ffeaa5a736bc73a76c40
- SHA256
  
  28089707733c92c7fade97e7b6fab4007e7b8bfd6dc7a8526a3ea597f1a30845
- SHA512
  
  d21cf5cfe0a5e2f7d4c128e64e0decee28028297c804319fb957b1f0e60d62e3103976b95abc3d2bd5ba66801cb5fe9bef4bae067273079177be28c73132c739
- SSDEEP
  
  384:k1q4fJwcRJTxK0JLBamLGqPkO9V1VFf5L7W1OYKjbq9w:6q4hwcRBJLBamSqPkO9V1ViGq9
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7 behavioral8
- Target
  
  Builder WorldWind Pro/MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  b8c8a532438c4b421081efb258355469
- SHA1
  
  41aa88d5eaf398da55f712f30226b70492125be1
- SHA256
  
  15a605129cac3663ba1ddb98f5798334fba5e7954ee36a69727299b4e366c2eb
- SHA512
  
  511070c8cfe018e60e11d495393152e10aa2aa0c08cde84678ef3a0efd63ae5c562a47bfab883f4babd469b1873127bacc9c986cb2bc096985176f1dbf93b1fc
- SSDEEP
  
  12288:5+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:5+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral10 behavioral9
- Target
  
  Builder WorldWind Pro/MetroFramework.dll
- Size
  
  313KB
- MD5
  
  b20f1b5e3d4e3df2d826e9870637cd06
- SHA1
  
  a03bb47afdf9498be409ed5b56e945f6e143fb32
- SHA256
  
  9e58f13deb328455f216f165588b5f5111ecd12042d7dd196686dfb0f0fc68eb
- SHA512
  
  095c5956ebc114c4b380d2b43981bcabd221782530328a51cb2c6aec05a016dad2e5efae36810f6840611f77f589be1e1e7f2200738df3bca222381837033b2d
- SSDEEP
  
  6144:Ys+J/PxfbpAQ1bZHE7Zhm6uOw0g749O2:qJ/PxzpAObhV6uO99O
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  Builder WorldWind Pro/Mono.Cecil.dll
- Size
  
  273KB
- MD5
  
  80ea4bfe7944e2f384d97488c83d9d25
- SHA1
  
  18789622bdff9d99683504faf2a302a194e3b6c0
- SHA256
  
  1a1565804348c2e621e0a509cedaa516eeb7e9fadfbeefe58e1e9cf8ec16b915
- SHA512
  
  561e8c8465c1989dcc6c03b221f24c0f5c0ee278ff244d171f1761c79ee83debcb00973e2027be28ae77e47956a192b2a4a019e83b2802c62639f5d375aabe5b
- SSDEEP
  
  6144:P0eCY7BUB5SH41/sE0oWZSSCvXb9PKdJDkPWeUP:syK7t1EKWZS1vXbw
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral13 behavioral14
- Target
  
  Builder WorldWind Pro/stub.dll
- Size
  
  171KB
- MD5
  
  fd12ac8c2bce0eccd26b3f48a8ad4956
- SHA1
  
  7b7c6548ea4e4e897968785126d4033a876c6d3e
- SHA256
  
  c618d6362d0bfe7daf26d6c98271cc38c291e812548c13869c0d1bfb905531d0
- SHA512
  
  cff76beea29e21c0c96bf5f1dc4bf419d1d5246c9cc111ff572909867588694ae80de22b663e2af8b33da52540d6053e106586738db05ec91fafc0055ec41631
- SSDEEP
  
  3072:9ySRwk/N2wtuh77yHcokLZl9CPJ+dZ8BAgTepbDywAWY+WpY:OkV9tuh77ypkLTzyqnpbDq
Score

10^/10

asyncrat stormkitty default discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Downloads MZ/PE file
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine

RedLine payload

Redline family

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Downloads MZ/PE file

Asyncrat family

StormKitty

StormKitty payload

Stormkitty family

Downloads MZ/PE file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16