asyncrat | 65022e64adfb69a218849bf5c76b6d268e311e1d353328449f997c66cc528361

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

0e8c91a41cec8198ac21b9f8169c246e
SHA1

62de2dc3c6d7f132d544c29e2546edbd1b642ec2
SHA256

65022e64adfb69a218849bf5c76b6d268e311e1d353328449f997c66cc528361
SHA512

40d95ee490fcd75735bd35bb27f229a576617b1dd3d82a8788e024f2c8fe11d74e4765d41539da16c9e9188644e0455cd39e62f44c660a3f408b797aa12cde9c
SSDEEP

1536:LUk0cxVGlCBiPMVye9VdQuDI6H1bf/+vqQzc+LVclN:LURcxVMWiPMVye9VdQsH1bfWvqQXBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

byttstvecomn

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/LwwcrLg4

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	5108	Client.exe
Token: SeIncreaseQuotaPrivilege	5108	Client.exe
Token: SeSecurityPrivilege	5108	Client.exe
Token: SeTakeOwnershipPrivilege	5108	Client.exe
Token: SeLoadDriverPrivilege	5108	Client.exe
Token: SeSystemProfilePrivilege	5108	Client.exe
Token: SeSystemtimePrivilege	5108	Client.exe
Token: SeProfSingleProcessPrivilege	5108	Client.exe
Token: SeIncBasePriorityPrivilege	5108	Client.exe
Token: SeCreatePagefilePrivilege	5108	Client.exe
Token: SeBackupPrivilege	5108	Client.exe
Token: SeRestorePrivilege	5108	Client.exe
Token: SeShutdownPrivilege	5108	Client.exe
Token: SeDebugPrivilege	5108	Client.exe
Token: SeSystemEnvironmentPrivilege	5108	Client.exe
Token: SeRemoteShutdownPrivilege	5108	Client.exe
Token: SeUndockPrivilege	5108	Client.exe
Token: SeManageVolumePrivilege	5108	Client.exe
Token: 33	5108	Client.exe
Token: 34	5108	Client.exe
Token: 35	5108	Client.exe
Token: 36	5108	Client.exe
Token: SeIncreaseQuotaPrivilege	5108	Client.exe
Token: SeSecurityPrivilege	5108	Client.exe
Token: SeTakeOwnershipPrivilege	5108	Client.exe
Token: SeLoadDriverPrivilege	5108	Client.exe
Token: SeSystemProfilePrivilege	5108	Client.exe
Token: SeSystemtimePrivilege	5108	Client.exe
Token: SeProfSingleProcessPrivilege	5108	Client.exe
Token: SeIncBasePriorityPrivilege	5108	Client.exe
Token: SeCreatePagefilePrivilege	5108	Client.exe
Token: SeBackupPrivilege	5108	Client.exe
Token: SeRestorePrivilege	5108	Client.exe
Token: SeShutdownPrivilege	5108	Client.exe
Token: SeDebugPrivilege	5108	Client.exe
Token: SeSystemEnvironmentPrivilege	5108	Client.exe
Token: SeRemoteShutdownPrivilege	5108	Client.exe
Token: SeUndockPrivilege	5108	Client.exe
Token: SeManageVolumePrivilege	5108	Client.exe
Token: 33	5108	Client.exe
Token: 34	5108	Client.exe
Token: 35	5108	Client.exe
Token: 36	5108	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5108-0-0x00000000009C0000-0x00000000009D8000-memory.dmp

Filesize
96KB

Download
memory/5108-1-0x00007FFB6EE23000-0x00007FFB6EE25000-memory.dmp

Filesize
8KB

Download
memory/5108-3-0x00007FFB6EE20000-0x00007FFB6F8E1000-memory.dmp

Filesize
10.8MB

Download
memory/5108-4-0x00007FFB6EE20000-0x00007FFB6F8E1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads