asyncrat | 34df8dde153f3f5f5865fd51a5ca12e296d2658713a2f47b46cc93cb96dcdfe3

Analysis

max time kernel
129s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
02-08-2024 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

8d2ee2b8d8cdf232c9c2b52ddff175c2
SHA1

fd82c13c5e3cc842763a3512bb373054e4945c67
SHA256

34df8dde153f3f5f5865fd51a5ca12e296d2658713a2f47b46cc93cb96dcdfe3
SHA512

52bc0788448b59188514bb8b6609815f9167d4407ab445bcfa7c391038d92055019417e174775a46c47c000922355fdeca1b2bc58bc63f8eaf2c78239ce9117e
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/3TCQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bfrCQYBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:48820

Mutex

gvnqyrlnvle

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	4472	Client.exe
Token: SeIncreaseQuotaPrivilege	4472	Client.exe
Token: SeSecurityPrivilege	4472	Client.exe
Token: SeTakeOwnershipPrivilege	4472	Client.exe
Token: SeLoadDriverPrivilege	4472	Client.exe
Token: SeSystemProfilePrivilege	4472	Client.exe
Token: SeSystemtimePrivilege	4472	Client.exe
Token: SeProfSingleProcessPrivilege	4472	Client.exe
Token: SeIncBasePriorityPrivilege	4472	Client.exe
Token: SeCreatePagefilePrivilege	4472	Client.exe
Token: SeBackupPrivilege	4472	Client.exe
Token: SeRestorePrivilege	4472	Client.exe
Token: SeShutdownPrivilege	4472	Client.exe
Token: SeDebugPrivilege	4472	Client.exe
Token: SeSystemEnvironmentPrivilege	4472	Client.exe
Token: SeRemoteShutdownPrivilege	4472	Client.exe
Token: SeUndockPrivilege	4472	Client.exe
Token: SeManageVolumePrivilege	4472	Client.exe
Token: 33	4472	Client.exe
Token: 34	4472	Client.exe
Token: 35	4472	Client.exe
Token: 36	4472	Client.exe
Token: SeIncreaseQuotaPrivilege	4472	Client.exe
Token: SeSecurityPrivilege	4472	Client.exe
Token: SeTakeOwnershipPrivilege	4472	Client.exe
Token: SeLoadDriverPrivilege	4472	Client.exe
Token: SeSystemProfilePrivilege	4472	Client.exe
Token: SeSystemtimePrivilege	4472	Client.exe
Token: SeProfSingleProcessPrivilege	4472	Client.exe
Token: SeIncBasePriorityPrivilege	4472	Client.exe
Token: SeCreatePagefilePrivilege	4472	Client.exe
Token: SeBackupPrivilege	4472	Client.exe
Token: SeRestorePrivilege	4472	Client.exe
Token: SeShutdownPrivilege	4472	Client.exe
Token: SeDebugPrivilege	4472	Client.exe
Token: SeSystemEnvironmentPrivilege	4472	Client.exe
Token: SeRemoteShutdownPrivilege	4472	Client.exe
Token: SeUndockPrivilege	4472	Client.exe
Token: SeManageVolumePrivilege	4472	Client.exe
Token: 33	4472	Client.exe
Token: 34	4472	Client.exe
Token: 35	4472	Client.exe
Token: 36	4472	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4472-0-0x00007FF844743000-0x00007FF844744000-memory.dmp

Filesize
4KB

Download
memory/4472-1-0x00000000000B0000-0x00000000000C8000-memory.dmp

Filesize
96KB

Download
memory/4472-3-0x00007FF844740000-0x00007FF84512C000-memory.dmp

Filesize
9.9MB

Download
memory/4472-4-0x00007FF844740000-0x00007FF84512C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads