Analysis

  • max time kernel
    1199s
  • max time network
    1204s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21/01/2024, 16:21

General

  • Target

    28add650000.exe

  • Size

    76KB

  • MD5

    bed58dec24567f2db0facb34aae9746d

  • SHA1

    4fad95ee6c482ad23f778f87b78ac0ed9f3738dd

  • SHA256

    087cd98565ba0bb9689db91c94e4203f2a7e594e67af3580f08cf47ac9d78b41

  • SHA512

    f9f7fb3a9ac92bb7bcaf69ef32291f02fc5dc2241acd7f265c86921bd4d15e8c3d71b868b560812269cf3828957bdbc40144205733dcaebcbbf30fa9bf550984

  • SSDEEP

    1536:4UUPcxVteCW7PMVQe8BegWIeH1bJ/VDQzcaLVclN:4UmcxV4x7PMVt8VuH1bJVQLBY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

67.205.154.243:4431

Mutex

wuhjwqibozr

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

  • Async RAT payload 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28add650000.exe
    "C:\Users\Admin\AppData\Local\Temp\28add650000.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1972

Network

        Downloads

        • memory/1972-0-0x0000000000380000-0x0000000000398000-memory.dmp (Filesize: 96KB)
        • memory/1972-2-0x00007FF976360000-0x00007FF976E22000-memory.dmp (Filesize: 10.8MB)
        • memory/1972-3-0x000000001B110000-0x000000001B120000-memory.dmp (Filesize: 64KB)
        • memory/1972-4-0x00007FF997080000-0x00007FF997289000-memory.dmp (Filesize: 2.0MB)
        • memory/1972-5-0x00007FF976360000-0x00007FF976E22000-memory.dmp (Filesize: 10.8MB)
        • memory/1972-6-0x000000001B110000-0x000000001B120000-memory.dmp (Filesize: 64KB)
        • memory/1972-7-0x00007FF997080000-0x00007FF997289000-memory.dmp (Filesize: 2.0MB)