asyncrat | 8d8a07b57ec3b4d0b7a24111ea6bc0fd4cb2dd75157999b482d51b49ebb90f4d

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 09:16

Target

222211.exe
Size

74KB
MD5

a77cf180ee00a6911d11a871f545e96e
SHA1

dfd0f620f1cfdfad647c2471001e0395a7132809
SHA256

8d8a07b57ec3b4d0b7a24111ea6bc0fd4cb2dd75157999b482d51b49ebb90f4d
SHA512

24509c77c84bbd4fd96711af5e2a17e100ea2fdba62a3964a23e37b4fa979684a95108458855f4be2029921bcf5af829ff61903885450844cd8dca64d570cd17
SSDEEP

1536:nUD0cxVGlCBiPMVLIVyta/I0H1bo/W+hoQzciLVclN:nUAcxVMWiPMVLIjnH1bo3KQzBY

Score

10^/10

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

127.0.0.1:4448

127.0.0.1:15158

147.185.221.21:4449

147.185.221.21:4448

147.185.221.21:15158

Mutex

mkkmubvdahpdiqhqff

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious behavior: EnumeratesProcesses 20 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2432	222211.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2432	222211.exe

memory/2432-0-0x000007FEF5A63000-0x000007FEF5A64000-memory.dmp

Filesize
4KB

Download
memory/2432-1-0x00000000011D0000-0x00000000011E8000-memory.dmp

Filesize
96KB

Download
memory/2432-3-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

Filesize
9.9MB

Download
memory/2432-4-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

Filesize
9.9MB

Download
memory/2432-5-0x000007FEF5A63000-0x000007FEF5A64000-memory.dmp

Filesize
4KB

Download
memory/2432-6-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

Filesize
9.9MB

Download