asyncrat | 34df8dde153f3f5f5865fd51a5ca12e296d2658713a2f47b46cc93cb96dcdfe3

Analysis

max time kernel
133s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-08-2024 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

8d2ee2b8d8cdf232c9c2b52ddff175c2
SHA1

fd82c13c5e3cc842763a3512bb373054e4945c67
SHA256

34df8dde153f3f5f5865fd51a5ca12e296d2658713a2f47b46cc93cb96dcdfe3
SHA512

52bc0788448b59188514bb8b6609815f9167d4407ab445bcfa7c391038d92055019417e174775a46c47c000922355fdeca1b2bc58bc63f8eaf2c78239ce9117e
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/3TCQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bfrCQYBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:48820

Mutex

gvnqyrlnvle

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	2896	Client.exe
Token: SeIncreaseQuotaPrivilege	2896	Client.exe
Token: SeSecurityPrivilege	2896	Client.exe
Token: SeTakeOwnershipPrivilege	2896	Client.exe
Token: SeLoadDriverPrivilege	2896	Client.exe
Token: SeSystemProfilePrivilege	2896	Client.exe
Token: SeSystemtimePrivilege	2896	Client.exe
Token: SeProfSingleProcessPrivilege	2896	Client.exe
Token: SeIncBasePriorityPrivilege	2896	Client.exe
Token: SeCreatePagefilePrivilege	2896	Client.exe
Token: SeBackupPrivilege	2896	Client.exe
Token: SeRestorePrivilege	2896	Client.exe
Token: SeShutdownPrivilege	2896	Client.exe
Token: SeDebugPrivilege	2896	Client.exe
Token: SeSystemEnvironmentPrivilege	2896	Client.exe
Token: SeRemoteShutdownPrivilege	2896	Client.exe
Token: SeUndockPrivilege	2896	Client.exe
Token: SeManageVolumePrivilege	2896	Client.exe
Token: 33	2896	Client.exe
Token: 34	2896	Client.exe
Token: 35	2896	Client.exe
Token: 36	2896	Client.exe
Token: SeIncreaseQuotaPrivilege	2896	Client.exe
Token: SeSecurityPrivilege	2896	Client.exe
Token: SeTakeOwnershipPrivilege	2896	Client.exe
Token: SeLoadDriverPrivilege	2896	Client.exe
Token: SeSystemProfilePrivilege	2896	Client.exe
Token: SeSystemtimePrivilege	2896	Client.exe
Token: SeProfSingleProcessPrivilege	2896	Client.exe
Token: SeIncBasePriorityPrivilege	2896	Client.exe
Token: SeCreatePagefilePrivilege	2896	Client.exe
Token: SeBackupPrivilege	2896	Client.exe
Token: SeRestorePrivilege	2896	Client.exe
Token: SeShutdownPrivilege	2896	Client.exe
Token: SeDebugPrivilege	2896	Client.exe
Token: SeSystemEnvironmentPrivilege	2896	Client.exe
Token: SeRemoteShutdownPrivilege	2896	Client.exe
Token: SeUndockPrivilege	2896	Client.exe
Token: SeManageVolumePrivilege	2896	Client.exe
Token: 33	2896	Client.exe
Token: 34	2896	Client.exe
Token: 35	2896	Client.exe
Token: 36	2896	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2896-0-0x0000000000770000-0x0000000000788000-memory.dmp

Filesize
96KB

Download
memory/2896-1-0x00007FFB06773000-0x00007FFB06774000-memory.dmp

Filesize
4KB

Download
memory/2896-3-0x00007FFB06770000-0x00007FFB0715C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-4-0x00007FFB06773000-0x00007FFB06774000-memory.dmp

Filesize
4KB

Download
memory/2896-5-0x00007FFB06770000-0x00007FFB0715C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads