asyncrat | 09dcf54c74a3669c9cd811df04f84601c723a7e7457b414e15a842192b8df669 | Triage

Submit
Reports

Overview

overview

Static

static

1

09dcf54c74...69.exe

windows7-x64

09dcf54c74...69.exe

windows10-2004-x64

Sharing

General

Target

09dcf54c74a3669c9cd811df04f84601c723a7e7457b414e15a842192b8df669.exe
Size

514KB
Sample

240702-begqla1blf
MD5

395c4070233d059b2f1661fbdc6af0b4
SHA1

c4e8741e9c21d4a5d9a45138232da82c751cc390
SHA256

09dcf54c74a3669c9cd811df04f84601c723a7e7457b414e15a842192b8df669
SHA512

b3214c512ad6cde7f64ec1d9e8fab416917a248e77268f8516505d8f319168445e184c0182679ed8fdbc967fb6cb94b4e4fc4e2a760bc0f50aa154da81d6b3b9
SSDEEP

12288:IOK+cDtCaKVvTkLsDSdWg51DKWpw06aioXy3FMk:xGAZVL1D5W2Hckmk

Score

10^/10

asyncrat stormkitty default persistence privilege_escalation rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

09dcf54c74a3669c9cd811df04f84601c723a7e7457b414e15a842192b8df669.exe

Resource

win7-20240220-en

asyncrat stormkitty default persistence privilege_escalation rat stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

09dcf54c74a3669c9cd811df04f84601c723a7e7457b414e15a842192b8df669.exe

Resource

win10v2004-20240611-en

asyncrat stormkitty default persistence privilege_escalation rat stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7322917184:AAEZSbuOE5wiEr26jHjFYvUlp0J9RAox2lU/sendMessage?chat_id=5635047295

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  09dcf54c74a3669c9cd811df04f84601c723a7e7457b414e15a842192b8df669.exe
- Size
  
  514KB
- MD5
  
  395c4070233d059b2f1661fbdc6af0b4
- SHA1
  
  c4e8741e9c21d4a5d9a45138232da82c751cc390
- SHA256
  
  09dcf54c74a3669c9cd811df04f84601c723a7e7457b414e15a842192b8df669
- SHA512
  
  b3214c512ad6cde7f64ec1d9e8fab416917a248e77268f8516505d8f319168445e184c0182679ed8fdbc967fb6cb94b4e4fc4e2a760bc0f50aa154da81d6b3b9
- SSDEEP
  
  12288:IOK+cDtCaKVvTkLsDSdWg51DKWpw06aioXy3FMk:xGAZVL1D5W2Hckmk
Score

10^/10

asyncrat stormkitty default persistence privilege_escalation rat stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratstormkittydefaultpersistenceprivilege_escalationratstealer

behavioral2

asyncratstormkittydefaultpersistenceprivilege_escalationratstealer

© 2018-2024

Terms | Privacy