asyncrat | af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Size

74KB
MD5

c657401f9b786c038acf428fc121c06a
SHA1

67f9eb378ee29725afb03cd3eaa65bc24937663f
SHA256

af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7
SHA512

7724fbdeafac6ce54c07cea20dec2d0431e8ac38ca0224be204a212843cadd78db317fec1e38e4690a82a60e422a96c06eaa7888c94d6894e2394d706530630f
SSDEEP

1536:+UxQcxHCapCtGPMVxwKIVH1bI/OrVQzcKLVclN:+UOcxHCoeGPMVxwZH1bI2VQ7BY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

138.199.21.208:4449

Mutex

dwasdwasdwasdwa

Attributes

delay
1
install
false
install_file
Fucker.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral2/memory/5096-0-0x00000000008A0000-0x00000000008B8000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncreaseQuotaPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSecurityPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeTakeOwnershipPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeLoadDriverPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemProfilePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemtimePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeProfSingleProcessPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncBasePriorityPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeCreatePagefilePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeBackupPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRestorePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeShutdownPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeDebugPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemEnvironmentPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRemoteShutdownPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeUndockPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeManageVolumePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 33	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 34	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 35	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 36	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncreaseQuotaPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSecurityPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeTakeOwnershipPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeLoadDriverPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemProfilePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemtimePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeProfSingleProcessPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeIncBasePriorityPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeCreatePagefilePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeBackupPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRestorePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeShutdownPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeDebugPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeSystemEnvironmentPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeRemoteShutdownPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeUndockPrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: SeManageVolumePrivilege	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 33	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 34	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 35	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
Token: 36	5096	af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe

C:\Users\Admin\AppData\Local\Temp\af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe
"C:\Users\Admin\AppData\Local\Temp\af6a6dcb2d925f7683290e68deb225b1b312ea1535918f53757e34a7234ea6f7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5096-0-0x00000000008A0000-0x00000000008B8000-memory.dmp

Filesize
96KB

Download
memory/5096-2-0x00007FFC131A0000-0x00007FFC13C61000-memory.dmp

Filesize
10.8MB

Download
memory/5096-3-0x0000000002970000-0x0000000002980000-memory.dmp

Filesize
64KB

Download
memory/5096-4-0x00007FFC131A0000-0x00007FFC13C61000-memory.dmp

Filesize
10.8MB

Download