asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.MulDrop30.46617.18825.26126.exe
Size

3.4MB
Sample

250420-qs383szl13
MD5

628b458edc49358091f265554450f3b4
SHA1

a79361e7b1ad58768927d91f92b94ec7338708ec
SHA256

aa2f7980511024dbcb007e29eb7b10c374d87b1f6f4a6a35f4bdf4ea803fb008
SHA512

70b1f95224619906b230b3194384bbb61c1d7ba6e101782e5caaf1a67692faa320fe2d469fb0c671aadc92b486593a67e95af6a7a38fbec2e1f55ffc4c8a4b98
SSDEEP

49152:WTFVtnNHfjULJi3CfbvpCsAtWerqvtLz0qyNQXoyrNkpsj904+vJcV+R3Iml+yQM:WTFFQJiSYsAt/atKFyrNkp7449l135Bx

Score

10^/10

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.MulDrop30.46617.18825.26126.exe
- Size
  
  3.4MB
- MD5
  
  628b458edc49358091f265554450f3b4
- SHA1
  
  a79361e7b1ad58768927d91f92b94ec7338708ec
- SHA256
  
  aa2f7980511024dbcb007e29eb7b10c374d87b1f6f4a6a35f4bdf4ea803fb008
- SHA512
  
  70b1f95224619906b230b3194384bbb61c1d7ba6e101782e5caaf1a67692faa320fe2d469fb0c671aadc92b486593a67e95af6a7a38fbec2e1f55ffc4c8a4b98
- SSDEEP
  
  49152:WTFVtnNHfjULJi3CfbvpCsAtWerqvtLz0qyNQXoyrNkpsj904+vJcV+R3Iml+yQM:WTFFQJiSYsAt/atKFyrNkp7449l135Bx
Score

10^/10

asyncrat stormkitty discovery rat stealer execution
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $TEMP/Dominant.xlm
- Size
  
  56KB
- MD5
  
  87135b6922c649e2328731b6046d9c4a
- SHA1
  
  5f37be4e42989e2ac15f975d9895f480db74e980
- SHA256
  
  d1a3db8200606104b56806a1c943c9ab3646cb64c9fc948e79c211ed1678bcf6
- SHA512
  
  31fc00f01de3459dc043b0ae19c2d02fe06e5e5881a1cfef360cf8038d2e5b4c9fef49340a2f53a03fe798f6fcd44b3cf73e4a9ebf228fe8e5f647346cbe478f
- SSDEEP
  
  1536:6SBzKQxfebGNGhv2agB5lIrOcW/Z4h6bMvkoD4:3WQxGSNGaB5aKcKZC6by3E
Score

1^/10
behavioral3 behavioral4
- Target
  
  $TEMP/Sql.xlm
- Size
  
  62KB
- MD5
  
  0a10ce436bdf7caedbc08cb16f879287
- SHA1
  
  524a7b845a01c893288be4b229c717e9efc63907
- SHA256
  
  bb9c7db1d5713564fc1ca0dbd1096bbaecf8d925e8907b7aed81af6da06b3bd3
- SHA512
  
  5e14498257a2df7a4654ef0c0f8b2b2e510290bff4d68fb024eac54fb1d833a92bfaf0a4e7639aa64326378db8913d88fb32be168df3a73bd6310931540ff9fe
- SSDEEP
  
  1536:Nc0DRxT+zwnxrOr6XfQXwVcsWua6XWBSe3d8eA5uKDM:N/R16ix6HXQc7ux+ODM
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/Visitor.xlm
- Size
  
  81KB
- MD5
  
  9299aa096ddf5a0da60370b151e0fb6d
- SHA1
  
  5ba029ae21e4247e32994276268befac1333e4ed
- SHA256
  
  1d7af32f4501da3837ee3b74a95291d14dc4a60044f38c1748c604ae488846bb
- SHA512
  
  de9542e9c3fb201ec8c615167863f5782299c8817aeed7f2bc36b64c19d4c25acc319b69357d2028bbb4954351a562305230b81c5c7d9ea8fdac29f62c3aca5e
- SSDEEP
  
  1536:kiW7hAiWkern+ysX/SrbPlH40+n2kFskDVeWZEpf+57L8y9W9WUnAsg+ylv+Ep8C:kgdnLsPSntFGskDxm1+Zw68PAsP+t8Bo
Score

1^/10
behavioral7 behavioral8
- Target
  
  CurrentlyCabinets/Amendment.xlm
- Size
  
  65KB
- MD5
  
  c3252746626d138fa47f851080e72680
- SHA1
  
  0af57eacd1bd92b3d4d65a499c1a8d814f2bc904
- SHA256
  
  bad626885fc7bd356f0872d979055ca38d2b92a8921ee35dced8e0622495f921
- SHA512
  
  e3e24adb8da7dc66d6322f2a4dbb00e53567fea6f9692464d96d1ee8c02f8847043e02ed89d5282a07bfcb393326e39856b7b095860557a8b7bf4ef057d5badc
- SSDEEP
  
  1536:6367viKjm6ryI3QZ24N6U7uLNjj3VU1iJmuzge:3uKjmSyGQZzN6USLRqcJHz5
Score

1^/10
behavioral10 behavioral9
- Target
  
  CurrentlyCabinets/Arrival.xlm
- Size
  
  94KB
- MD5
  
  7a3fa9b8062d128ab4c5cfa213d29814
- SHA1
  
  c637a2a75dc1fb50f20ba91872d54a230847d69e
- SHA256
  
  08b2255b896bc93190dc00963faec730120750c397c55d68f6501179805ed9bd
- SHA512
  
  4c4e806936b6f16d03f4f3e6cced0bcabc9141a4dc547a59a6d6ee952321849a9c1cc0a72564e545ec0b75b2143bc95f0fc016db22be98aa25be48adf741409e
- SSDEEP
  
  1536:/zI63VfpCINcYbl69kFsQ66cEi9YwmVlLarxzc73nYJ+AZhPjUlUIdWGHR1P59:/zCYblpsscE4Ywm+rJO3nvCGxh59
Score

1^/10
behavioral11 behavioral12
- Target
  
  CurrentlyCabinets/Bd.xlm
- Size
  
  76KB
- MD5
  
  af517acf6d217684628c6bcb4ed1ddab
- SHA1
  
  3489c329b329b90c912f5a652893edb1cae7fbdb
- SHA256
  
  6d31707e60953f322824d872f2aef98fc9dd76215ab14b2b778e4148e2a9a144
- SHA512
  
  a8bc0f70c10215c2de8f3a156e6eba2f5f60940aaef83fe3f96ae13ec406df5bcf02185c6cf625a258b22480846353b95d65ad7ed736f81afeabda34adf74b0f
- SSDEEP
  
  1536:SeitUAbcPe0et/DZ9P7g9YArbMDB9BtcaBS0p:4KAbcOt/l9Tg1rb2OIS0
Score

1^/10
behavioral13 behavioral14
- Target
  
  CurrentlyCabinets/Began.xlm
- Size
  
  53KB
- MD5
  
  d729c789488845b4155f964de2650a6e
- SHA1
  
  8e43cb71abf15442bbc4dcb908354f0e2d1106ff
- SHA256
  
  246466a2819a53f0ff24e499da2be3428f9ae5fa7bf480a7546b2b8470678340
- SHA512
  
  6b0b31528688899037a067eb63f3de0faf92d48e8750397a5e940efbf4572254589aa5ef1ed0d4740e44cf888191ca511332b60bb559098d1da17bd2a92b2c26
- SSDEEP
  
  1536:yO0mPtpkqwWaVdzmzbchFm4jBHOcy4nrvIFXkj:0mPfRIdqCFm41HjJbAy
Score

1^/10
behavioral15 behavioral16
- Target
  
  CurrentlyCabinets/Centre.xlm
- Size
  
  95KB
- MD5
  
  ac54604dbcb7a4bf02cd62a973845be5
- SHA1
  
  956757452555f628ae3c37135dc69967cf29c0a5
- SHA256
  
  86b05ff314b70a2e8c4d6b690981b70569567181dcfb3ac995c96bc13a09dcb5
- SHA512
  
  fca285b6e3d9f759e8dc097d2aab4fdd39e4a18060c0b9a50353b6388668caa94d3f31c35df2cf438b4b8fc1f23046f8db5856e78768f94b2fd3079a357099a8
- SSDEEP
  
  1536:dpEKEQmP6dVwV7WQ70yf14AHrSzjWXGmxxQzWEkZ2BlOgpIxJDuqZHSje80Anf:pEQmP6dS7Wu0W3XGZzWEkZ2BlOgpIxop
Score

1^/10
behavioral17 behavioral18
- Target
  
  CurrentlyCabinets/Creatures.xlm
- Size
  
  50KB
- MD5
  
  9c2d81e57f3b2e7076a73507a7262e48
- SHA1
  
  0c24dea7c43ba758fd4da63cd247e9827af7263e
- SHA256
  
  0760bc5546ec8ddb228b9baab15c594bfe112407745d3f87fb7e4545cb0886b4
- SHA512
  
  394904990cb08766a5f30488fc68fe52f6a0d5bacd53ba4379d01f71d0ff175da696cb5ef6108851c07b9d6531b2136d5f5a7282bef6075b4cc0260bd9786197
- SSDEEP
  
  768:886n3TrZSdqFub9bv26KHovYhb0FG5qlTC7Ut778lvv8JvVTXDR6RCcqpdv8ifDo:88OTNDuZbe/6rZl+Yd28CgHD7o
Score

1^/10
behavioral19 behavioral20
- Target
  
  CurrentlyCabinets/Discover.xlm
- Size
  
  71KB
- MD5
  
  041af4ff7cd17aae5721e576febb3f4c
- SHA1
  
  70d307578608b345ffa91dcf6ca5932792ae50d7
- SHA256
  
  42f566d0b992f40633847e389eb4d4a24a607afd44ae8db30c67d3d3aea11824
- SHA512
  
  5771927bf0bd37ffcb74602acff0b9e76279f2d8af7809a7f3d12a93ba05fbb10d0b30fd7fb0c8d7a228cb485cb2be1b22adf69a7d3bdcb9df2e904b66d4aba7
- SSDEEP
  
  1536:oUOhrHnige+SK+XCZix2guPS6V5uBlWJKFE4W5:dAne+BYwx5uBkKHW5
Score

1^/10
behavioral21 behavioral22
- Target
  
  CurrentlyCabinets/Domain.xlm
- Size
  
  84KB
- MD5
  
  5e0c9e51fb47ef175e4ac05da4909350
- SHA1
  
  f45afb235f39430dc73ea32540f2d415db3d13b0
- SHA256
  
  d8d4cb7e70347283b73285169bbf9b34f04fa416939594cdc5096851a28ff00c
- SHA512
  
  f628a0b04b5c8f020ab8f14f5aa69bb70bcb5d2d02ac4abc941c0389e3da7f67526cf9922be015e369a7e52cbd7a418de661c479e473f531b99aab01dcd9f0d8
- SSDEEP
  
  1536:AX9J/RsU4ci+4xcpsxavf4ujS030vLnGh+7TMUo5/lca+9j3te7soWvhlMcN:WJ/Rsth7cMavC030vjf7wl5/iaM3Q7Z4
Score

1^/10
behavioral23 behavioral24
- Target
  
  CurrentlyCabinets/Im.xlm
- Size
  
  51KB
- MD5
  
  50bb0da553db2c393f8b4728879c7f44
- SHA1
  
  76e7b3f76db3e9a01c86616b48fbc2f710ed7ce1
- SHA256
  
  39b5653503c6caea22828846f89da180542adbdb7b8c1e0e396f32e779eda390
- SHA512
  
  5bde5fd2ea83d5969ccf17362d86d2074af0e890320d10572dff35774f3596b6e908007a53a268fe09e98d26362b022ed41582a814157e87d2a0325eadf2ff80
- SSDEEP
  
  1536:irYTt6z5M2ZSfD7hxKQ01XyZAGES/KejINEI6NbOmhb:ZTQz5BZs7hxKQiXhr6Nbrt
Score

1^/10
behavioral25 behavioral26
- Target
  
  CurrentlyCabinets/Listen.xlm
- Size
  
  72KB
- MD5
  
  65e37887ffc09daba6eb5fcd1bf8f37c
- SHA1
  
  f190189a1a39a03a8678f317b0d76116eb03c65f
- SHA256
  
  e7b907cbc40deeabba0351fb2cce16cfde384ddd687d578a282388a222d9c804
- SHA512
  
  fbbd91495552a1feb8b9169be007ea8018292fa8394fb992e992997a8ae4953f436be50d97841d4a212c2afba47240edad5e0f540c3ca23c7d02c6642ffcafc8
- SSDEEP
  
  1536:2IgP9jJri4w8vYcS+4tXjwM6M29/gdXsF+K4IFxXKL53EhPif9htIlM4AEOQ7:2IgtJ2NtXMM6D/gg+KjFxXKuUlpQ7
Score

1^/10
behavioral27 behavioral28
- Target
  
  CurrentlyCabinets/Moderators.xlm
- Size
  
  65KB
- MD5
  
  7e1c5fa194a36feffe2c74c50d9cc890
- SHA1
  
  56a11ff8811a9222f4604f53eb577335871f56a4
- SHA256
  
  0f6b522268f8cd4f418f6aa395e9be1270f7d056760ee47da9e73e632fd7bdac
- SHA512
  
  9c08a99225be517f79fb0fe18ba866a45abdc4a012118837b51970a19900580c3d1410761381a46f5e07a0539fd713aa383bbc4a12bceb79f248ae880f5c9956
- SSDEEP
  
  1536:tDjMG5axkAqDX+cex4+eZduTS3NvX+KJ5t8II+G79:tDtE8v/+e6TYvu0/8iC
Score

1^/10
behavioral29 behavioral30
- Target
  
  CurrentlyCabinets/Msn.xlm
- Size
  
  85KB
- MD5
  
  d290904ad5a48e7e0b07a900e1d2e333
- SHA1
  
  011ca9366b9ff8fe7a11caaf7db298215625e464
- SHA256
  
  60320d7e11b9db602d863f5d8d6212770f877b9055ad3abe1924ab9321543e8e
- SHA512
  
  e81accb9fb2e09aede22ee7e93b1f6617f31b74892cbc598d743f0c5c981653dbc1208947168f645a3bcb38d602fc30508d934b7a24c049ddd4003a45ae6f99d
- SSDEEP
  
  1536:2mTMplNQsuVvRbMpzIBCKoVZP4lXk0SEpO70vwhpWws8CAeL6:CLQsYvUzXK+S0d1sRL6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Asyncrat family

StormKitty

StormKitty payload

Stormkitty family

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32