asyncrat | 560917a6881bc30c1436f8fb95705b00645773aa091c46083a6cea3b00a0949b

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 11:47

Target

efb0c31543ca816cd9a55cafd730224c.exe
Size

74KB
MD5

efb0c31543ca816cd9a55cafd730224c
SHA1

c6356391853cf207c0ff4de5a9cdaddc8d0af63a
SHA256

560917a6881bc30c1436f8fb95705b00645773aa091c46083a6cea3b00a0949b
SHA512

6bde891ab5ee9338e61a5fa7752d502d0311c2a9a0d45238792aa1cf07d50be141d80371c6c5a4119f8ddd755bd2c9fb3a904aeb77035cad259feba0854c6054
SSDEEP

1536:oUUPcxVteCW7PMVB5ZhOJIK11bk/HE/QzclLVclN:oUmcxV4x7PMVnZ011bkfE/QkBY

Score

10^/10

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

185.196.10.81:4449

Mutex

wrteyuiooo

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious behavior: EnumeratesProcesses 25 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2744	efb0c31543ca816cd9a55cafd730224c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2744	efb0c31543ca816cd9a55cafd730224c.exe

memory/2744-0-0x0000000000380000-0x0000000000398000-memory.dmp

Filesize
96KB

Download
memory/2744-1-0x00007FFD8DBE3000-0x00007FFD8DBE5000-memory.dmp

Filesize
8KB

Download
memory/2744-3-0x00007FFD8DBE0000-0x00007FFD8E6A1000-memory.dmp

Filesize
10.8MB

Download
memory/2744-4-0x00007FFD8DBE3000-0x00007FFD8DBE5000-memory.dmp

Filesize
8KB

Download
memory/2744-5-0x00007FFD8DBE0000-0x00007FFD8E6A1000-memory.dmp

Filesize
10.8MB

Download