Extracted

Extracted

Extracted

• • Target

    8eb0decf8260bff5514cdae9f536b7af282c514d2bed4770ce887ac86d767196

  • Size

    34.8MB

  • MD5

    cb0a22d05978b2e41a38dbc0b8e18519

  • SHA1

    c07e0f474595ed1bf9a040b7f72902e32d83cd1a

  • SHA256

    8eb0decf8260bff5514cdae9f536b7af282c514d2bed4770ce887ac86d767196

  • SHA512

    c92a79e3ed02756d38150edf493cb4df4a61537594bc6c8b926c058a20be4d8041d1e360e8649d2ce2969388f5856fe43d54baf15438bd094df4e672e0faddf8

  • SSDEEP

    786432:Wb3crXJY6tIHUrznnbjYWtND+rhvviy2BFo0yqPoYmBR73h5ITWb59ZHWdp:WbsrZY0rznn3YWWlvT27Jo5B9RWTWb5c

  Score

  10^/10

  asyncratnjratstormkittydefaulthackeddefense_evasiondiscoverypersistenceprivilege_escalationpyinstallerratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Njrat family

    njrat

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Async RAT payload

    rat

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2