asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

ADFoyxP.exe
Size

3.5MB
Sample

250307-y37cgsv1hx
MD5

45c1abfb717e3ef5223be0bfc51df2de
SHA1

4c074ea54a1749bf1e387f611dea0d940deea803
SHA256

b01d928331e2b87a961b1a5953bc7dbb8d757c250f1343d731e3b6bb20591243
SHA512

3d667f5ada9b62706be003ba42c4390177fc47c82d1d9fa9eaca36e36422e77b894f5ec92ad7a143b7494a5a4b43d6eb8af91cb54e78984bb6e8350df5c34546
SSDEEP

98304:UePnIk+fZcURguwJaPquzFJi0E3znjVxkC2b4VbD:LfIzRtguwgqo5E33wIVbD

Score

10^/10

Malware Config

Targets

- Target
  
  ADFoyxP.exe
- Size
  
  3.5MB
- MD5
  
  45c1abfb717e3ef5223be0bfc51df2de
- SHA1
  
  4c074ea54a1749bf1e387f611dea0d940deea803
- SHA256
  
  b01d928331e2b87a961b1a5953bc7dbb8d757c250f1343d731e3b6bb20591243
- SHA512
  
  3d667f5ada9b62706be003ba42c4390177fc47c82d1d9fa9eaca36e36422e77b894f5ec92ad7a143b7494a5a4b43d6eb8af91cb54e78984bb6e8350df5c34546
- SSDEEP
  
  98304:UePnIk+fZcURguwJaPquzFJi0E3znjVxkC2b4VbD:LfIzRtguwgqo5E33wIVbD
Score

10^/10

discovery asyncrat stormkitty venomrat rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VenomRAT
  Detects VenomRAT.
  rat
- Venomrat family
  venomrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $TEMP/Amenities.pub
- Size
  
  58KB
- MD5
  
  0a71e5a021a54a070c4c1a50abf101a7
- SHA1
  
  6138668ada2d95c7b6e08b81b3f9ccb9f5247b35
- SHA256
  
  4e5e43ec6b9f6c5837391c94d27bf31f806de5c66ae69cf6dc765fdb9354e662
- SHA512
  
  4d32af74ebda994eb5e4056b3bf58e160dad4673548a1ac34322ac4caec71cca9cd96b323eda63cdfb1a627f6b43b8dc0095ec2294ec2159e4c786287569e580
- SSDEEP
  
  1536:EnfXAHM4Cntyj7IfuP4OmdUfD4ux/IaQpvF:EnfwH9Cne/+UfD4uSaQz
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $TEMP/Apartments.pub
- Size
  
  89KB
- MD5
  
  60ba658102cdcb57ee4b1f74f342c707
- SHA1
  
  f6763e33c4aad91b20be3b8886b6e5bd91a99754
- SHA256
  
  36a1197973ca14a3b37631378354614601d8114fe55d662331ff36c635156dc2
- SHA512
  
  9489ac2166628096c8969ac77497ce49a8970ba7730204faa7518f3d4d9a3650aace6c3d5ac6cb8eca51402033fe174f808a209001f7380ae99f7a12dceadbe8
- SSDEEP
  
  1536:r78mUL0c0T2a28uio3hFSW0SL5GozE7+H2m/v5gNCMcea5m4eSlbXFSpw3KYLHlI:r5C0aa6ktME9CyCMcH5XFSu3KkHMCV+V
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/Argentina.pub
- Size
  
  79KB
- MD5
  
  4388c3487e7d1472a69229a5f0197ccc
- SHA1
  
  777e7d36f0584de3cc65786d41608ca99ee4f620
- SHA256
  
  4441e796466684cb54f423b1be5a43ee96536e0ebd2568d6c5f571dc263840b0
- SHA512
  
  27c5fd7958d9cb004df02dfe888e74842aa038c7ab623a37333a06e805fae911c4785d19e5d4dc9bc756f91d3617db3936036b4c3b23a1296f65607076f89108
- SSDEEP
  
  1536:+HUBE8E3STTBwTSl7z5uuVDufNDuTkzg38IfTWZIjShIs8aVZ0Cpi:0U3E3ciT+zR65uo838IbWisZ0gi
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMP/Comparison.pub
- Size
  
  51KB
- MD5
  
  f9b4ba8289a774e8fe971eb05b6c3e73
- SHA1
  
  64bcae2258089c7227ccba400b81c12572082d17
- SHA256
  
  ff9fa6049de4b67aa3ffe200eae66f228ccf3f80c14b72941eaa7e60264b0536
- SHA512
  
  a192ca35449e85eefac0f553a8c0b9db109756328e4dbef297a1a80a6b001130fbf4544daaf487ee979ff53b98cadc0e0e194567111e71ed1d1e75b6b542c9f5
- SSDEEP
  
  1536:6jvPyWAZTf06qic2rG6RZ9UvXT1+fqE1H8bEeUJL67F9Lsulyh:gyf0gRTResfnHR67FCulyh
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/Confusion.pub
- Size
  
  78KB
- MD5
  
  2785affd81c3e073c43df32ed2d00c9c
- SHA1
  
  5d6a06caae5024543cf475d3e3027c594d9f4c7c
- SHA256
  
  288b1f4c716dfb1b821171f03a5e6e4f35953bc2abe08c15d9393728e9a06257
- SHA512
  
  0472edb1f3114ff723c55edcdffc2b009a875e226ca69ce242edaa73512b7a0e81aaf3f5df08d18a8775a3fbf6f3a90df801e7f692f91e48d5bbe99a2bd45fb0
- SSDEEP
  
  1536:yZo+FdZWRHGQjdRD63L8wkWUpPT3ESvDESyr4JCRBl3:yZPdQRHr5s3ww47U4S48RH
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $TEMP/Distinguished.pub
- Size
  
  87KB
- MD5
  
  e600cbe70466c2341db84a36284c9774
- SHA1
  
  093d93c67e982e7f56baddb25fcb6534f0e1a745
- SHA256
  
  df111febac27dff5d441df546576d1f63e55047c537c8eff0bb44c15f7c8c53d
- SHA512
  
  46be8f5cdc7e8d99b34b3c100b5f88f3d796b92a693b3a56d6dbb87e7c5a77c25a45f53ebe5c37cfd4e3d360319d342fd29d79fb5a334759423ee6ed37628f3a
- SSDEEP
  
  1536:AJu933aYnmInoQMypgIZR5mRYR/+jRtRvWm4J2JWR4gX/a/hmPb7KQ9NdTf:AJu93znmosc1/mGRcRtJd4J2JQ/a/hmb
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/Document.pub
- Size
  
  61KB
- MD5
  
  3152606654339510628be876ad7ab86c
- SHA1
  
  3ea3a43c84d2a8cc02e802f0f002ad0f7ecfacb4
- SHA256
  
  224930c54c57e8fe9aeee19de1ac0799ad05b9014e3034ee2cefa5272d68d0be
- SHA512
  
  d0f427f0e8a76f3e751e3452c3db07a39cadc309958cfe49b06504f511f6d92287513e13a4bfb1859e193a8caffb7917372698b374900ef53c4e666c668edf90
- SSDEEP
  
  1536:ArOqszXn/tv4NmYb+csVEmp9qS6wPWC/mvxXV3PvtM:BqszXn//c+cAE0+wPWCulJP+
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $TEMP/Enlarge.pub
- Size
  
  78KB
- MD5
  
  1f5b8234b3d731ec3efa6877d15c7b8c
- SHA1
  
  60b59ff72eff1c340faeda29830ae168bd253495
- SHA256
  
  f9f60c1dec818764c8838a2be6f60327c55aebcfff9329af931f191001a051da
- SHA512
  
  a65b95297601eecbd6ff11db4d26090ba7895062f04a30bca621b3b886882d17e8d57630f681fe7b9bf1e01d03b8c24d012ff0d5694a0f65e83d3ae7ed891953
- SSDEEP
  
  1536:/cMCFEx3s5N39fq0TgIHMzXi/9DDijA9gMgZ3e/zJKE7Z5iBdt4+5T4eR:/cAsf39fB0Xz29DngMgZ+lLMtfT4eR
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $TEMP/Explicitly.pub
- Size
  
  56KB
- MD5
  
  a27bce3c4fcffcec9e54b9373111d877
- SHA1
  
  8813684c93bec16ef48c6c66b831cc91bafdf234
- SHA256
  
  dcd46e5e62353b800403fa27952d4d0fa91e097d12cfffebb134a8794ef560d1
- SHA512
  
  04c0b45afb353f4c4d3ec914c79f225d9a678142aec9d0b61954904380ac2ff5ab71da63035f811bfe349cb2cfb51029c979c5879de0bb7050237542214a623a
- SSDEEP
  
  768:gRMUlp4NB2FrYODKuI6S6V+L8WFGTZKPQHA/DaCHZ5cGLh8TmoJq8z0bS/nGT9g/:gR7lEEmuh+L8RIkA7JLqyoJq80XTin/
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $TEMP/Gate.pub
- Size
  
  56KB
- MD5
  
  6401d7e0a9d7799cc1ecaee55e6482d6
- SHA1
  
  55d93e5275c34d44c7940a3cd6dbc170b4d2a799
- SHA256
  
  7bf9529b155b898532c530311215633371f6d24f0fde35a18d91cee7f498e5a6
- SHA512
  
  ec66f36f054043aa95e42144c3faea771bbccec912a92828e293e98c4fb219edbfbcdf4ddcafdf62322207e50a4189a4338de8e95380049c3d35bcc28fb0e981
- SSDEEP
  
  1536:spF6aFFCNkBYEEcGnzGRq83yHkEx4o64yW+5tekarblgFLU2X:sKaONkBYEQnziqPHkEstelrbeY2X
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $TEMP/Generating.pub
- Size
  
  81KB
- MD5
  
  75caffb2a658b3dc3fda54c8b830e255
- SHA1
  
  891b1afaceaedeca1275dcb480eb4383b895eeb5
- SHA256
  
  b8af578b7388ab44441b859780987b962457297b0f583d0fdd9329c69b68c107
- SHA512
  
  b75dfd7de87cde8d0b2863ba16d2f23cf4883418842598786f73930c7ac0e6648e122200b8f820cc89f953e546678358a4af13849a299c5466cbabc6c7c99c93
- SSDEEP
  
  1536:MGadYRT6n8GSM4fCF28aMbPc3CJ6NkvYDjYTZM42WCFMour2e:MGQsTvG2fCUMbU3CJ6S0jYToWCQr2e
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $TEMP/Governor.pub
- Size
  
  84KB
- MD5
  
  c35f290c55dc153aa53b0fca79a20482
- SHA1
  
  b70cac04f88f880842cc4a54ccbb25c6b00a0ebc
- SHA256
  
  6ce95bb839c41ddecbbcd95484471674573f54bcc431351202eb10f7430251c9
- SHA512
  
  11a9c8c048bd400797db792b3eabf4a5dbdd9910648fd4ed632523941db6fdcefe1a4b7a5e89fae839795f158fcb31dad70b78418f0ca06723b5a3678c0cb4ff
- SSDEEP
  
  1536:BxFgGBXG79JwQInzD87x7ZDufC7Kgx7EAFK8Yv70B:BBWIzc7QIKg2AFK8Mq
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $TEMP/Legislation.pub
- Size
  
  79KB
- MD5
  
  63d8544a82d12a57c54c313d993c85bf
- SHA1
  
  976aef6a762f3e74592cc134aacb3bc9b45f5a75
- SHA256
  
  f550e56fa09560678c99a8c171552e7aed6bcbc26d4b7b95d50851b8ef4fa8fa
- SHA512
  
  666694b83475b9a287e61cd0fdfb5bf4ed2e1a65ad774fe9402527ee4511c41da7b97231be6bcfa3a96251bf4b81f93157375f63bfe32c61ff9c35ec7df1eeed
- SSDEEP
  
  1536:r6O2fL0fUbuyQrLUqrMDgikMDGqQrTETfOFmHh22ts:r6O2fLzbvQrwYMDgikMywyFm4f
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $TEMP/Listening.pub
- Size
  
  63KB
- MD5
  
  a20a1ed37a395a59924f82ebe8925d75
- SHA1
  
  888266575b1719e9b651fc3b778145f0539871a8
- SHA256
  
  b43f6bb3e55105d2cd9745fa2bb40449024896b314460f686650ba6fcb82e328
- SHA512
  
  3317a8080c5b759b485c50630ac2ce3eee964430acf4afa714cd364d659822877d3e598cc3ab4db878c0ae20f1f84f23b31d02e6409ca6053cbbaebf69b5df5a
- SSDEEP
  
  1536:6iy5E2dm5qkQ21ih916zSsLvvfsdGKUkGVppkVNJC1b6PyZ6:ByzMqkQ2MozSsLvvfS5UkYHk81+
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $TEMP/Maintains.pub
- Size
  
  98KB
- MD5
  
  dbc26e8b9f547df6511f2c07d206d2ef
- SHA1
  
  b12900963f7b93da5944e104a86d4a6b7137be60
- SHA256
  
  82f2723cfdc19e16c28300632ab3fc560e38321afe406bbc4735a8dd37d7ef30
- SHA512
  
  1325e49ed2e64dc68a6f342443dccfe6b83aba26d8a1f35c7c7d87802d696f2c68f618cc366592bd014a716318e3b85f7986282999445fac9ca8349bf66b8df5
- SSDEEP
  
  1536:fBntJgPw5E7hZ7iOhLOIuoEocY3o2brwbKGCfyI4lUuPBp/8GfrZEofCulva:fBp5E7v7LdEojbrwGGjIxYtXrZEoi
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Asyncrat family

StormKitty

StormKitty payload

Stormkitty family

Suspicious use of NtCreateUserProcessOtherParentProcess

VenomRAT

Venomrat family

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32