asyncrat | 5c9f911425493134acd77379a98edaa7e161c6780fdba68791e9098fb9885400 | Triage

Submit
Reports

Overview

overview

Static

static

1

Fund Trans...DF.vbs

windows10-2004-x64

Sharing

General

Target

Fund Transfer Advice of USD 109,000 & USD 108,000.PDF.vbs
Size

2.1MB
Sample

250404-w2srlavjs8
MD5

54d124bf1ebe1f73d5201075ab7b0c7d
SHA1

9243d20658be25495f9d008d1c0cbb77d3c96a22
SHA256

5c9f911425493134acd77379a98edaa7e161c6780fdba68791e9098fb9885400
SHA512

1e639b2e26598636f0fe326eb13f55905cadbb83bbfc1872a501e09e70cfb871b8ebc4c980c9cfb82b6d031562c8092c408b74d828ae21283b9f253145263672
SSDEEP

24576:Y04XRbFcSxHO9zTHod1wmV44huQN8CK5w2cByoj64ladzMiPeANvpDRJMj66/SXS:YJhbOhTHoLxKQNYceEU+P

Score

10^/10

asyncrat modiloader stormkitty default discovery rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Fund Transfer Advice of USD 109,000 & USD 108,000.PDF.vbs

Resource

win10v2004-20250314-en

asyncrat modiloader stormkitty default discovery rat stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7772893676:AAHsXXekbKXk34N9C2s13jbOqoFMDLR-8pQ/sendMessage?chat_id=5064120322

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Fund Transfer Advice of USD 109,000 & USD 108,000.PDF.vbs
- Size
  
  2.1MB
- MD5
  
  54d124bf1ebe1f73d5201075ab7b0c7d
- SHA1
  
  9243d20658be25495f9d008d1c0cbb77d3c96a22
- SHA256
  
  5c9f911425493134acd77379a98edaa7e161c6780fdba68791e9098fb9885400
- SHA512
  
  1e639b2e26598636f0fe326eb13f55905cadbb83bbfc1872a501e09e70cfb871b8ebc4c980c9cfb82b6d031562c8092c408b74d828ae21283b9f253145263672
- SSDEEP
  
  24576:Y04XRbFcSxHO9zTHod1wmV44huQN8CK5w2cByoj64ladzMiPeANvpDRJMj66/SXS:YJhbOhTHoLxKQNYceEU+P
Score

10^/10

asyncrat modiloader stormkitty default discovery rat stealer trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Async RAT payload
  rat
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratmodiloaderstormkittydefaultdiscoveryratstealertrojan

© 2018-2025

Terms | Privacy