asyncrat | a2251164857af32d0a13d3d91c9cb17af07f5858ad935c666a4787f12d585622 | Triage

Submit
Reports

Overview

overview

Static

static

Builder.exe

windows10-2004-x64

Sharing

General

Target

Builder.exe
Size

273KB
Sample

240707-tm14bavenp
MD5

2a388e389df3136db839745d13a2bbd0
SHA1

1ba063842110c80d2a6bdf8280ec88b426b9d4ea
SHA256

a2251164857af32d0a13d3d91c9cb17af07f5858ad935c666a4787f12d585622
SHA512

01715c872281fffd8587f5cdabb5a9d80c720871424a6bf50ad0e8de7aae69536d0d4ffecb611ecfb8e98190e96b8ba896c96bf2dc0ebdda511f74909b5cb559
SSDEEP

3072:Ee8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTiwARE+WpC/Bz65/M6If+3JC:g6ewwIwQJ6vKX0c5MlYZ0b2zFxBt25

Score

10^/10

asyncrat stormkitty default persistence privilege_escalation rat spyware stealer

Static task

static1

rat default asyncrat stormkitty

5 signatures

Behavioral task

behavioral1

Sample

Builder.exe

Resource

win10v2004-20240704-en

asyncrat stormkitty default persistence privilege_escalation rat spyware stealer

windows10-2004-x64

13 signatures

1200 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5602729079:AAHue5HGrezQGgwKeWyn3WQgaqOZM5nlF_c/sendMessage?chat_id=6067717150

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Builder.exe
- Size
  
  273KB
- MD5
  
  2a388e389df3136db839745d13a2bbd0
- SHA1
  
  1ba063842110c80d2a6bdf8280ec88b426b9d4ea
- SHA256
  
  a2251164857af32d0a13d3d91c9cb17af07f5858ad935c666a4787f12d585622
- SHA512
  
  01715c872281fffd8587f5cdabb5a9d80c720871424a6bf50ad0e8de7aae69536d0d4ffecb611ecfb8e98190e96b8ba896c96bf2dc0ebdda511f74909b5cb559
- SSDEEP
  
  3072:Ee8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTiwARE+WpC/Bz65/M6If+3JC:g6ewwIwQJ6vKX0c5MlYZ0b2zFxBt25
Score

10^/10

asyncrat stormkitty default persistence privilege_escalation rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

ratdefaultasyncratstormkitty

behavioral1

asyncratstormkittydefaultpersistenceprivilege_escalationratspywarestealer

© 2018-2024

Terms | Privacy