Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/07/2024, 00:24 UTC

General

  • Target

    Client.exe

  • Size

    73KB

  • MD5

    b04fc8991793f99358d35be1427635ec

  • SHA1

    91c491af03d2f01b071cc3caf6fbd5c0f754339f

  • SHA256

    ac50f0971410af3fc6b2a147ebb6411ccf4ab586d7edfa5673129d6329602bf3

  • SHA512

    870aa32ae71ad09baf9453628fe6eab35ea55b6911f991b540222e60162032bca7dbac927eb95a5606be0afbdbffa066f24dbde4088961f68b1296a76e9b3390

  • SSDEEP

    1536:zUgzcxr7JcC4vPMV2e9VdQkhDIyH1bf/v5oT/Qzc33VclN:zUicxr7eDvPMV2e9VdQgH1bfp+QSlY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

Mutex

fsjmmnvvtjlkiea

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %Temp%

aes.plain
1
v2zRD3SsYINXZBjTK2Zgaho5JIKukKGN

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client.exe
    "C:\Users\Admin\AppData\Local\Temp\Client.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2624

Network

  • 127.0.0.1:4449
    Client.exe
    (36 further identical entries for 127.0.0.1:4449 from Client.exe omitted)

Downloads

  • memory/2624-0-0x000007FEF4E23000-0x000007FEF4E24000-memory.dmp

    Filesize

    4KB

  • memory/2624-1-0x0000000000D80000-0x0000000000D96000-memory.dmp

    Filesize

    88KB

  • memory/2624-3-0x000007FEF4E20000-0x000007FEF580C000-memory.dmp

    Filesize

    9.9MB

  • memory/2624-4-0x000007FEF4E20000-0x000007FEF580C000-memory.dmp

    Filesize

    9.9MB

  • memory/2624-5-0x000007FEF4E23000-0x000007FEF4E24000-memory.dmp

    Filesize

    4KB

  • memory/2624-6-0x000007FEF4E20000-0x000007FEF580C000-memory.dmp

    Filesize

    9.9MB

  • memory/2624-7-0x000007FEF4E20000-0x000007FEF580C000-memory.dmp

    Filesize

    9.9MB
