asyncrat | 299d8d36287464bcd925963900693c90bb522496c00e5ece5597546aa2d25583

Analysis

max time kernel
90s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

3ca7978475f82a2ca38bc3d10c7d15a7
SHA1

2410609e2d1bfe33d6cd0f5470fed2e8bb55f3bb
SHA256

299d8d36287464bcd925963900693c90bb522496c00e5ece5597546aa2d25583
SHA512

efa885a46ce98efe6d6dd834cf7e7febe3cf2ce33862f59a3a327f471711be590f1abeb7ae937cd57f11ab4498d3874cfb382e97b8aca57c2d41af7a093d1f0a
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/zHxO7sQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bf07sQYBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

Mutex

wfoehyvysnrpp

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	4272	Client.exe
Token: SeIncreaseQuotaPrivilege	4272	Client.exe
Token: SeSecurityPrivilege	4272	Client.exe
Token: SeTakeOwnershipPrivilege	4272	Client.exe
Token: SeLoadDriverPrivilege	4272	Client.exe
Token: SeSystemProfilePrivilege	4272	Client.exe
Token: SeSystemtimePrivilege	4272	Client.exe
Token: SeProfSingleProcessPrivilege	4272	Client.exe
Token: SeIncBasePriorityPrivilege	4272	Client.exe
Token: SeCreatePagefilePrivilege	4272	Client.exe
Token: SeBackupPrivilege	4272	Client.exe
Token: SeRestorePrivilege	4272	Client.exe
Token: SeShutdownPrivilege	4272	Client.exe
Token: SeDebugPrivilege	4272	Client.exe
Token: SeSystemEnvironmentPrivilege	4272	Client.exe
Token: SeRemoteShutdownPrivilege	4272	Client.exe
Token: SeUndockPrivilege	4272	Client.exe
Token: SeManageVolumePrivilege	4272	Client.exe
Token: 33	4272	Client.exe
Token: 34	4272	Client.exe
Token: 35	4272	Client.exe
Token: 36	4272	Client.exe
Token: SeIncreaseQuotaPrivilege	4272	Client.exe
Token: SeSecurityPrivilege	4272	Client.exe
Token: SeTakeOwnershipPrivilege	4272	Client.exe
Token: SeLoadDriverPrivilege	4272	Client.exe
Token: SeSystemProfilePrivilege	4272	Client.exe
Token: SeSystemtimePrivilege	4272	Client.exe
Token: SeProfSingleProcessPrivilege	4272	Client.exe
Token: SeIncBasePriorityPrivilege	4272	Client.exe
Token: SeCreatePagefilePrivilege	4272	Client.exe
Token: SeBackupPrivilege	4272	Client.exe
Token: SeRestorePrivilege	4272	Client.exe
Token: SeShutdownPrivilege	4272	Client.exe
Token: SeDebugPrivilege	4272	Client.exe
Token: SeSystemEnvironmentPrivilege	4272	Client.exe
Token: SeRemoteShutdownPrivilege	4272	Client.exe
Token: SeUndockPrivilege	4272	Client.exe
Token: SeManageVolumePrivilege	4272	Client.exe
Token: 33	4272	Client.exe
Token: 34	4272	Client.exe
Token: 35	4272	Client.exe
Token: 36	4272	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4272-1-0x00007FFC43DE3000-0x00007FFC43DE5000-memory.dmp

Filesize
8KB

Download
memory/4272-0-0x0000000000D40000-0x0000000000D58000-memory.dmp

Filesize
96KB

Download
memory/4272-3-0x00007FFC43DE0000-0x00007FFC448A1000-memory.dmp

Filesize
10.8MB

Download
memory/4272-4-0x00007FFC43DE0000-0x00007FFC448A1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads