asyncrat

General

Target

https://mega.nz/file/Ugc1iQiK#ywcAdLryJK_eMNuFeZimSvMI9XZhVhgL2vb9OJcQXKY
Sample

250328-rpqdgsxsez

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:36206

Mutex

onxityialltnltam

Attributes

delay
1
install
true
install_file
Windows Defender.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  https://mega.nz/file/Ugc1iQiK#ywcAdLryJK_eMNuFeZimSvMI9XZhVhgL2vb9OJcQXKY
Score

10^/10

asyncrat stormkitty default agilenet collection discovery rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Async RAT payload
  rat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1