asyncrat | 230b143294c018f8fc6c36581be214e2d3725546bba0a241da12854052806005 | Triage

Submit
Reports

Overview

overview

Static

static

7

L5shRfh.exe

windows7-x64

L5shRfh.exe

windows10-ltsc 2021-x64

L5shRfh.exe

windows11-21h2-x64

Sharing

General

Target

L5shRfh.exe
Size

6.2MB
Sample

250212-y5t5yaxrb1
MD5

3cb427c5f783752ea688c135b516dbb4
SHA1

8a9e0937d7db2b951f50c7cc1f0ebf42aaafb21b
SHA256

230b143294c018f8fc6c36581be214e2d3725546bba0a241da12854052806005
SHA512

f35074310eb13beb43039b440af695500e0eb4ff9634a820be9838e6bddeda8ca7d05ef969fe21f2ffd856bb88022d6e6c0b3b59cb131b90dcae22fe238f9697
SSDEEP

98304:H7SmQ0OBrD+f8wNVrq2+ow64WfRnZUo7SmQ0OBrD+f8wNVrq2+ow64WfRnZUW:HOmSDktNjZUoOmSDktNjZUW

Score

10^/10

asyncrat stormkitty discovery rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

L5shRfh.exe

Resource

win7-20240729-en

asyncrat stormkitty discovery rat stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

L5shRfh.exe

Resource

win10ltsc2021-20250211-en

asyncrat stormkitty discovery rat stealer

windows10-ltsc 2021-x64

13 signatures

150 seconds

Behavioral task

behavioral3

Sample

L5shRfh.exe

Resource

win11-20250210-en

asyncrat stormkitty discovery rat stealer

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  L5shRfh.exe
- Size
  
  6.2MB
- MD5
  
  3cb427c5f783752ea688c135b516dbb4
- SHA1
  
  8a9e0937d7db2b951f50c7cc1f0ebf42aaafb21b
- SHA256
  
  230b143294c018f8fc6c36581be214e2d3725546bba0a241da12854052806005
- SHA512
  
  f35074310eb13beb43039b440af695500e0eb4ff9634a820be9838e6bddeda8ca7d05ef969fe21f2ffd856bb88022d6e6c0b3b59cb131b90dcae22fe238f9697
- SSDEEP
  
  98304:H7SmQ0OBrD+f8wNVrq2+ow64WfRnZUo7SmQ0OBrD+f8wNVrq2+ow64WfRnZUW:HOmSDktNjZUoOmSDktNjZUW
Score

10^/10

asyncrat stormkitty discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Downloads MZ/PE file
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittydiscoveryratstealer

behavioral2

asyncratstormkittydiscoveryratstealer

behavioral3

asyncratstormkittydiscoveryratstealer

© 2018-2025

Terms | Privacy