asyncrat | af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Size

74KB
MD5

c657401f9b786c038acf428fc121c06a
SHA1

67f9eb378ee29725afb03cd3eaa65bc24937663f
SHA256

af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7
SHA512

7724fbdeafac6ce54c07cea20dec2d0431e8ac38ca0224be204a212843cadd78db317fec1e38e4690a82a60e422a96c06eaa7888c94d6894e2394d706530630f
SSDEEP

1536:+UxQcxHCapCtGPMVxwKIVH1bI/OrVQzcKLVclN:+UOcxHCoeGPMVxwZH1bI2VQ7BY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

138.199.21.208:4449

Mutex

dwasdwasdwasdwa

Attributes

delay
1
install
false
install_file
Fucker.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 2 IoCs

rat

resource	yara_rule
behavioral1/memory/1516-0-0x0000000000F40000-0x0000000000F58000-memory.dmp	asyncrat
behavioral1/memory/1516-3-0x000000001AFB0000-0x000000001B030000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeDebugPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncreaseQuotaPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSecurityPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeTakeOwnershipPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeLoadDriverPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemProfilePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemtimePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeProfSingleProcessPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncBasePriorityPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeCreatePagefilePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeBackupPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRestorePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeShutdownPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeDebugPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemEnvironmentPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRemoteShutdownPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeUndockPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeManageVolumePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 33	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 34	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 35	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncreaseQuotaPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSecurityPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeTakeOwnershipPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeLoadDriverPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemProfilePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemtimePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeProfSingleProcessPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncBasePriorityPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeCreatePagefilePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeBackupPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRestorePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeShutdownPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeDebugPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemEnvironmentPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRemoteShutdownPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeUndockPrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeManageVolumePrivilege	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 33	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 34	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 35	1516	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe

C:\Users\Admin\AppData\Local\Temp\af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
"C:\Users\Admin\AppData\Local\Temp\af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1516-0-0x0000000000F40000-0x0000000000F58000-memory.dmp

Filesize
96KB

Download
memory/1516-1-0x000007FEF5FE0000-0x000007FEF69CC000-memory.dmp

Filesize
9.9MB

Download
memory/1516-3-0x000000001AFB0000-0x000000001B030000-memory.dmp

Filesize
512KB

Download
memory/1516-4-0x000007FEF5FE0000-0x000007FEF69CC000-memory.dmp

Filesize
9.9MB

Download