asyncrat | 3f539cd170926f163d3edd57e673097a83d5bced26009b62ba32af5a36da2b60 | Triage

Submit
Reports

Overview

overview

Static

static

1

rzsneo_xp2k.exe

windows7-x64

rzsneo_xp2k.exe

windows10-2004-x64

Sharing

General

Target

rzsneo_xp2k.exe
Size

2.7MB
Sample

250303-v7z77atyaw
MD5

d8a38fb9a5c0295825c0b4d46f32324c
SHA1

f3e32410b83e93ecbcbd829a4bd0a360c7449cea
SHA256

3f539cd170926f163d3edd57e673097a83d5bced26009b62ba32af5a36da2b60
SHA512

5d9fbc3f8ddd691d7af764274bc41f490dc088b0409beb0fcb8cbec21c026b0ad3c3af93aab8be5dfcefd4602cd68b22efcd1e8abac2ce3e3f447ec0847d4ab0
SSDEEP

49152:tyMJcNGc6/FPnVtlR785IGBKqQiNUeblQPw3QOcmWb7vAGfJ9tJBoaI3Hzz45uJ:gYcN9sltRqRUebmEhgZDpI3n5

Score

10^/10

asyncrat stormkitty venomrat discovery rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

rzsneo_xp2k.exe

Resource

win7-20250207-en

asyncrat stormkitty venomrat discovery rat stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

rzsneo_xp2k.exe

Resource

win10v2004-20250217-en

asyncrat stormkitty venomrat discovery rat stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  rzsneo_xp2k.exe
- Size
  
  2.7MB
- MD5
  
  d8a38fb9a5c0295825c0b4d46f32324c
- SHA1
  
  f3e32410b83e93ecbcbd829a4bd0a360c7449cea
- SHA256
  
  3f539cd170926f163d3edd57e673097a83d5bced26009b62ba32af5a36da2b60
- SHA512
  
  5d9fbc3f8ddd691d7af764274bc41f490dc088b0409beb0fcb8cbec21c026b0ad3c3af93aab8be5dfcefd4602cd68b22efcd1e8abac2ce3e3f447ec0847d4ab0
- SSDEEP
  
  49152:tyMJcNGc6/FPnVtlR785IGBKqQiNUeblQPw3QOcmWb7vAGfJ9tJBoaI3Hzz45uJ:gYcN9sltRqRUebmEhgZDpI3n5
Score

10^/10

asyncrat stormkitty venomrat discovery rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratstormkittyvenomratdiscoveryratstealer

behavioral2

asyncratstormkittyvenomratdiscoveryratstealer

© 2018-2025

Terms | Privacy