asyncrat | db5539de51e133ae500c9b8908d34125d6a45940760c05c6ff5e08d55966210f

Analysis

max time kernel
41s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2023, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clienteexe.exe
Size

63KB
MD5

552afce94b5bf5f1edca204278b8cad1
SHA1

9b2eec911b35e6fdd3932fee6ee26e0d2625394c
SHA256

db5539de51e133ae500c9b8908d34125d6a45940760c05c6ff5e08d55966210f
SHA512

d616db89779f5741b71d43943c539808346669f54377e2a08fb129ac12b5a63d8fe3e948d306a953339dbd4ed5fb6c05410fa102834c762eeca5daf78296db25
SSDEEP

1536:AhB5LrUwk4XO01VjwfLBcZ8tWjkGbbAwhCqhKGeDpqKmY7:AhB5LrUwk4XVV8fLBXthGbbABgz

Score

10^/10

asyncrat venom clients rat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

8.tcp.ngrok.io:14672

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/1808-133-0x00000000000B0000-0x00000000000C6000-memory.dmp	asyncrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1808	Clienteexe.exe

C:\Users\Admin\AppData\Local\Temp\Clienteexe.exe
"C:\Users\Admin\AppData\Local\Temp\Clienteexe.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-133-0x00000000000B0000-0x00000000000C6000-memory.dmp

Filesize
88KB

Download
memory/1808-134-0x000000001AFA0000-0x000000001AFB0000-memory.dmp

Filesize
64KB

Download
memory/1808-135-0x000000001AFA0000-0x000000001AFB0000-memory.dmp

Filesize
64KB

Download