Analysis

  • max time kernel
    218s
  • max time network
    288s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    19-04-2024 20:37

General

  • Target

    C11Bootstrapper/Properties/PageEditor.exe

  • Size

    74KB

  • MD5

    a419717ff743b0f11fdde27177617cb5

  • SHA1

    38e6575ad65c4cdf3301c22ff6d827e11436006f

  • SHA256

    41adf4e4e460a3119ad27d5874f7ea6e09781eb91e33d90e4a5faeeaadee8300

  • SHA512

    0f9a00f3d5027e6aa5636d2564db89787cc83224aa83c771822655a057fffe2f2e642c98ca9ff603ed3be4ea655d5c02c8a28161895036e80284d009ddf9b1d6

  • SSDEEP

    1536:gUYkcx9pXCTyPMVXjCBevPIaH1b8/uDaQzcp1VclN:gU1cx958yPMVzCCrH1b8BQ8XY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4040

Mutex

vydiplhdlyjvmj

Attributes
  • delay

    1

  • install

    true

  • install_file

    PageEditor.exe

  • install_folder

    %Temp%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

  • Suspicious use of AdjustPrivilegeToken (43 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\C11Bootstrapper\Properties\PageEditor.exe
    "C:\Users\Admin\AppData\Local\Temp\C11Bootstrapper\Properties\PageEditor.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1292

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1292-0-0x0000000000690000-0x00000000006A8000-memory.dmp

    Filesize

    96KB

  • memory/1292-2-0x00007FFFA8370000-0x00007FFFA8E32000-memory.dmp

    Filesize

    10.8MB

  • memory/1292-3-0x000000001B3C0000-0x000000001B3D0000-memory.dmp

    Filesize

    64KB

  • memory/1292-4-0x00007FFFA8370000-0x00007FFFA8E32000-memory.dmp

    Filesize

    10.8MB