Analysis
- max time kernel: 1485s
- max time network: 1501s
- platform: windows11-21h2_x64
- resource: win11-20240412-en
- resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 19-04-2024 13:34
Behavioral task: behavioral1
- Sample: Client.exe
- Resource: win10v2004-20240412-en (windows10-2004-x64)
- Signatures: 2
- Run time: 1800 seconds
General
- Target: Client.exe
- Size: 252KB
- MD5: c3594756513a1d8f4b87b955747e0a6e
- SHA1: dad561768d270ecff3ef2c836fd7c492036f9641
- SHA256: 83aabb9170fe13459e9c97ad3680b7c9056b580bebc595f8c38a84ed7e093991
- SHA512: 46f0158f2a2e71121079f9a2498c39230ab2b208805fb805e2c1a2d0de757d2e84e53a563bea5485449c9f662105f5067f7555cd3b34b65cf970f81e8ccc458e
- SSDEEP: 3072:DUdcxMmw6PMV2e9VdQsH1bfDpnQSR7c2ytBcL5BdkwvTkmEdeYY:Ddw6PMV2aesVbNn3Wwvqdb
Malware Config (extracted)
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Botnet: Default
- C2:
  - 127.0.0.1:4449
  - 127.0.0.1:6555
  - 127.0.0.1:0
  - 127.0.0.1:4040
- Mutex: bbfikyzckwofs
- Attributes:
  - delay: 1
  - install: true
  - install_file: C11Setup.exe
  - install_folder: %Temp%
- aes.plain
Signatures
- Suspicious use of AdjustPrivilegeToken (43 IoCs)

Processes (description, pid, process):
Token: SeDebugPrivilege                3028  Client.exe
Token: SeIncreaseQuotaPrivilege        3028  Client.exe
Token: SeSecurityPrivilege             3028  Client.exe
Token: SeTakeOwnershipPrivilege        3028  Client.exe
Token: SeLoadDriverPrivilege           3028  Client.exe
Token: SeSystemProfilePrivilege        3028  Client.exe
Token: SeSystemtimePrivilege           3028  Client.exe
Token: SeProfSingleProcessPrivilege    3028  Client.exe
Token: SeIncBasePriorityPrivilege      3028  Client.exe
Token: SeCreatePagefilePrivilege       3028  Client.exe
Token: SeBackupPrivilege               3028  Client.exe
Token: SeRestorePrivilege              3028  Client.exe
Token: SeShutdownPrivilege             3028  Client.exe
Token: SeDebugPrivilege                3028  Client.exe
Token: SeSystemEnvironmentPrivilege    3028  Client.exe
Token: SeRemoteShutdownPrivilege       3028  Client.exe
Token: SeUndockPrivilege               3028  Client.exe
Token: SeManageVolumePrivilege         3028  Client.exe
Token: 33                              3028  Client.exe
Token: 34                              3028  Client.exe
Token: 35                              3028  Client.exe
Token: 36                              3028  Client.exe
Token: SeIncreaseQuotaPrivilege        3028  Client.exe
Token: SeSecurityPrivilege             3028  Client.exe
Token: SeTakeOwnershipPrivilege        3028  Client.exe
Token: SeLoadDriverPrivilege           3028  Client.exe
Token: SeSystemProfilePrivilege        3028  Client.exe
Token: SeSystemtimePrivilege           3028  Client.exe
Token: SeProfSingleProcessPrivilege    3028  Client.exe
Token: SeIncBasePriorityPrivilege      3028  Client.exe
Token: SeCreatePagefilePrivilege       3028  Client.exe
Token: SeBackupPrivilege               3028  Client.exe
Token: SeRestorePrivilege              3028  Client.exe
Token: SeShutdownPrivilege             3028  Client.exe
Token: SeDebugPrivilege                3028  Client.exe
Token: SeSystemEnvironmentPrivilege    3028  Client.exe
Token: SeRemoteShutdownPrivilege       3028  Client.exe
Token: SeUndockPrivilege               3028  Client.exe
Token: SeManageVolumePrivilege         3028  Client.exe
Token: 33                              3028  Client.exe
Token: 34                              3028  Client.exe
Token: 35                              3028  Client.exe
Token: 36                              3028  Client.exe
Downloads
- memory/3028-0-0x0000000000960000-0x00000000009A4000-memory.dmp (filesize: 272KB)
- memory/3028-2-0x00007FFDE4580000-0x00007FFDE5042000-memory.dmp (filesize: 10.8MB)
- memory/3028-3-0x000000001B5B0000-0x000000001B5C0000-memory.dmp (filesize: 64KB)
- memory/3028-4-0x00007FFDE4580000-0x00007FFDE5042000-memory.dmp (filesize: 10.8MB)