asyncrat | 83aabb9170fe13459e9c97ad3680b7c9056b580bebc595f8c38a84ed7e093991

Analysis

max time kernel
1485s
max time network
1501s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

252KB
MD5

c3594756513a1d8f4b87b955747e0a6e
SHA1

dad561768d270ecff3ef2c836fd7c492036f9641
SHA256

83aabb9170fe13459e9c97ad3680b7c9056b580bebc595f8c38a84ed7e093991
SHA512

46f0158f2a2e71121079f9a2498c39230ab2b208805fb805e2c1a2d0de757d2e84e53a563bea5485449c9f662105f5067f7555cd3b34b65cf970f81e8ccc458e
SSDEEP

3072:DUdcxMmw6PMV2e9VdQsH1bfDpnQSR7c2ytBcL5BdkwvTkmEdeYY:Ddw6PMV2aesVbNn3Wwvqdb

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

127.0.0.1:6555

127.0.0.1:0

127.0.0.1:4040

Mutex

bbfikyzckwofs

Attributes

delay
1
install
true
install_file
C11Setup.exe
install_folder
%Temp%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

Processes:

Client.exe

description	pid	process
Token: SeDebugPrivilege	3028	Client.exe
Token: SeIncreaseQuotaPrivilege	3028	Client.exe
Token: SeSecurityPrivilege	3028	Client.exe
Token: SeTakeOwnershipPrivilege	3028	Client.exe
Token: SeLoadDriverPrivilege	3028	Client.exe
Token: SeSystemProfilePrivilege	3028	Client.exe
Token: SeSystemtimePrivilege	3028	Client.exe
Token: SeProfSingleProcessPrivilege	3028	Client.exe
Token: SeIncBasePriorityPrivilege	3028	Client.exe
Token: SeCreatePagefilePrivilege	3028	Client.exe
Token: SeBackupPrivilege	3028	Client.exe
Token: SeRestorePrivilege	3028	Client.exe
Token: SeShutdownPrivilege	3028	Client.exe
Token: SeDebugPrivilege	3028	Client.exe
Token: SeSystemEnvironmentPrivilege	3028	Client.exe
Token: SeRemoteShutdownPrivilege	3028	Client.exe
Token: SeUndockPrivilege	3028	Client.exe
Token: SeManageVolumePrivilege	3028	Client.exe
Token: 33	3028	Client.exe
Token: 34	3028	Client.exe
Token: 35	3028	Client.exe
Token: 36	3028	Client.exe
Token: SeIncreaseQuotaPrivilege	3028	Client.exe
Token: SeSecurityPrivilege	3028	Client.exe
Token: SeTakeOwnershipPrivilege	3028	Client.exe
Token: SeLoadDriverPrivilege	3028	Client.exe
Token: SeSystemProfilePrivilege	3028	Client.exe
Token: SeSystemtimePrivilege	3028	Client.exe
Token: SeProfSingleProcessPrivilege	3028	Client.exe
Token: SeIncBasePriorityPrivilege	3028	Client.exe
Token: SeCreatePagefilePrivilege	3028	Client.exe
Token: SeBackupPrivilege	3028	Client.exe
Token: SeRestorePrivilege	3028	Client.exe
Token: SeShutdownPrivilege	3028	Client.exe
Token: SeDebugPrivilege	3028	Client.exe
Token: SeSystemEnvironmentPrivilege	3028	Client.exe
Token: SeRemoteShutdownPrivilege	3028	Client.exe
Token: SeUndockPrivilege	3028	Client.exe
Token: SeManageVolumePrivilege	3028	Client.exe
Token: 33	3028	Client.exe
Token: 34	3028	Client.exe
Token: 35	3028	Client.exe
Token: 36	3028	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x0000000000960000-0x00000000009A4000-memory.dmp

Filesize
272KB

Download
memory/3028-2-0x00007FFDE4580000-0x00007FFDE5042000-memory.dmp

Filesize
10.8MB

Download
memory/3028-3-0x000000001B5B0000-0x000000001B5C0000-memory.dmp

Filesize
64KB

Download
memory/3028-4-0x00007FFDE4580000-0x00007FFDE5042000-memory.dmp

Filesize
10.8MB

Download