Analysis

  • max time kernel
    1196s
  • max time network
    1203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/01/2024, 16:21

General

  • Target

    28add650000.exe

  • Size

    76KB

  • MD5

    bed58dec24567f2db0facb34aae9746d

  • SHA1

    4fad95ee6c482ad23f778f87b78ac0ed9f3738dd

  • SHA256

    087cd98565ba0bb9689db91c94e4203f2a7e594e67af3580f08cf47ac9d78b41

  • SHA512

    f9f7fb3a9ac92bb7bcaf69ef32291f02fc5dc2241acd7f265c86921bd4d15e8c3d71b868b560812269cf3828957bdbc40144205733dcaebcbbf30fa9bf550984

  • SSDEEP

    1536:4UUPcxVteCW7PMVQe8BegWIeH1bJ/VDQzcaLVclN:4UmcxV4x7PMVt8VuH1bJVQLBY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

67.205.154.243:4431

Mutex

wuhjwqibozr

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
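The C2 endpoint, mutex and file hashes above are the indicators a responder would hunt for on other hosts. What follows is an added example, not part of the sandbox report: it matches those indicators against constructed host events. The IP, port, mutex and digests are copied from the report; the `Key=Value` line layout, the EventID 100 record and the `Mutex=` field are assumptions made for illustration and not a real Sysmon schema.

```python
"""Match the indicators extracted above (C2, mutex, file hashes) against
host telemetry. Added example, not part of the sandbox report; the event
lines are constructed and their layout is an assumption."""
import re

# Indicators copied from the Malware Config and General sections of the report.
C2_IP = "67.205.154.243"
C2_PORT = "4431"
MUTEX = "wuhjwqibozr"
HASHES = {
    "MD5": "bed58dec24567f2db0facb34aae9746d",
    "SHA1": "4fad95ee6c482ad23f778f87b78ac0ed9f3738dd",
    "SHA256": "087cd98565ba0bb9689db91c94e4203f2a7e594e67af3580f08cf47ac9d78b41",
}

# Constructed sample events. Field names are borrowed from Sysmon Event ID 1/3,
# the layout is simplified, and the last record is a hypothetical EDR mutex event.
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Users\\Admin\\AppData\\Local\\Temp\\28add650000.exe "
    "DestinationIp=67.205.154.243 DestinationPort=4431",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=67.205.154.243 DestinationPort=443",
    "EventID=1 Image=C:\\Users\\Admin\\AppData\\Local\\Temp\\28add650000.exe "
    "Hashes=MD5=BED58DEC24567F2DB0FACB34AAE9746D,"
    "SHA256=087cd98565ba0bb9689db91c94e4203f2a7e594e67af3580f08cf47ac9d78b41",
    "EventID=1 Image=C:\\Windows\\explorer.exe "
    "Hashes=MD5=d41d8cd98f00b204e9800998ecf8427e",
    "EventID=100 Image=C:\\Users\\Admin\\AppData\\Local\\Temp\\28add650000.exe "
    "Mutex=wuhjwqibozr",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split a 'Key=Value Key=Value' line into a dict.

    The Hashes field packs several digests as 'ALGO=hex,ALGO=hex'; they are
    unpacked into their own upper-case keys with lower-cased hex so that
    digest matching is case-insensitive.
    """
    fields = dict(KV.findall(line))
    if "Hashes" in fields:
        for part in fields["Hashes"].split(","):
            algo, _, digest = part.partition("=")
            fields[algo.upper()] = digest.lower()
    return fields


def match_event(line):
    """Return the list of indicators from the report that this event matches."""
    f = parse_event(line)
    hits = []
    # IP and port are scored separately: the same host on another port is
    # still worth a look, but only ip+port is the exact C2 from the config.
    if f.get("DestinationIp") == C2_IP:
        hits.append("c2_ip")
        if f.get("DestinationPort") == C2_PORT:
            hits.append("c2_port")
    for algo, digest in HASHES.items():
        if f.get(algo) == digest:
            hits.append(f"hash_{algo.lower()}")
    if f.get("Mutex") == MUTEX:
        hits.append("mutex")
    return hits


def scan(lines):
    """Return (line_index, hits) for every event matching at least one IOC."""
    results = []
    for i, line in enumerate(lines):
        hits = match_event(line)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS):
        print(i, hits, SAMPLE_EVENTS[i][:60])
```

The second sample event (same IP, port 443) is reported as an IP-only hit on purpose: a config-extracted port is the strongest signal, but RAT operators reuse infrastructure on other ports, so the IP alone should still surface for triage rather than be dropped.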

Signatures

  • AsyncRat

    AsyncRAT is a remote access trojan written in C# that is designed to remotely monitor and control other computers.

  • Async RAT payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28add650000.exe
    "C:\Users\Admin\AppData\Local\Temp\28add650000.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1696

Network

        MITRE ATT&CK Matrix


        Downloads

        • memory/1696-0-0x0000000000170000-0x0000000000188000-memory.dmp

          Filesize

          96KB

        • memory/1696-2-0x00007FFF91CC0000-0x00007FFF92781000-memory.dmp

          Filesize

          10.8MB

        • memory/1696-3-0x000000001AD80000-0x000000001AD90000-memory.dmp

          Filesize

          64KB

        • memory/1696-4-0x00007FFF91CC0000-0x00007FFF92781000-memory.dmp

          Filesize

          10.8MB

        • memory/1696-5-0x000000001AD80000-0x000000001AD90000-memory.dmp

          Filesize

          64KB
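The dump names under Downloads encode the process ID, a sequence number and the start and end address of each region, and the same two regions were dumped more than once. The following is an added example, not part of the report or the sandbox's own tooling: it parses those names, reconciles the address ranges with the stated sizes, groups repeated dumps of the same region, and flags bases in the upper user-mode range. The naming convention (memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp) is inferred from the five entries above and is an assumption; the address threshold used for the high-address flag is a rule of thumb for 64-bit Windows, not something the report states.

```python
"""Parse the memory-dump names listed under Downloads and reconcile the
address ranges with the stated file sizes. Added example, not part of the
report; the naming convention is inferred from the five entries above."""
import re

# (dump name, stated Filesize) exactly as listed in the report.
DUMPS = [
    ("memory/1696-0-0x0000000000170000-0x0000000000188000-memory.dmp", "96KB"),
    ("memory/1696-2-0x00007FFF91CC0000-0x00007FFF92781000-memory.dmp", "10.8MB"),
    ("memory/1696-3-0x000000001AD80000-0x000000001AD90000-memory.dmp", "64KB"),
    ("memory/1696-4-0x00007FFF91CC0000-0x00007FFF92781000-memory.dmp", "10.8MB"),
    ("memory/1696-5-0x000000001AD80000-0x000000001AD90000-memory.dmp", "64KB"),
]

# Assumed convention: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
NAME = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_dump_name(name):
    """Return pid, sequence number, start/end addresses and size in bytes."""
    m = NAME.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, seq, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(pid), "seq": int(seq), "start": start, "end": end,
            "size": end - start}


def human(nbytes):
    """Format bytes the way the report does: whole KB below 1 MiB, one decimal MB above."""
    if nbytes >= 1 << 20:
        return f"{nbytes / (1 << 20):.1f}MB"
    return f"{nbytes // 1024}KB"


def summarize(dumps):
    """Group dumps by region, record which sequence numbers hit it, and
    check that the stated Filesize agrees with the address range."""
    regions = {}
    for name, stated in dumps:
        d = parse_dump_name(name)
        key = (d["start"], d["end"])
        r = regions.setdefault(key, {
            "start": d["start"], "end": d["end"], "size": d["size"],
            "human": human(d["size"]), "seqs": [], "stated_ok": True,
            # Rule of thumb (assumption): 64-bit Windows maps system DLLs near
            # the top of user space, so a 0x7FF... base is usually a loaded
            # module rather than the sample's own image or a heap.
            "high_address": d["start"] >= 0x7FF000000000,
        })
        r["seqs"].append(d["seq"])
        r["stated_ok"] = r["stated_ok"] and r["human"] == stated
    return list(regions.values())


if __name__ == "__main__":
    for r in summarize(DUMPS):
        flag = " high-address" if r["high_address"] else ""
        status = "ok" if r["stated_ok"] else "MISMATCH"
        print(f"0x{r['start']:016X}-0x{r['end']:016X} {r['human']:>7} "
              f"dumped {len(r['seqs'])}x {status}{flag}")
```

For this report the three distinct regions reconcile exactly (0x18000 bytes is 96KB, 0xAC1000 bytes rounds to 10.8MB, 0x10000 bytes is 64KB), and the 10.8MB region at 0x00007FFF91CC0000 is the one to treat as a mapped module when choosing which dump to load into a disassembler.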