asyncrat | 9a687a7f910fb6179d0ebf89d5fe346ada7f66c1469d0d8b8495f53caf48b027

Analysis

max time kernel
14s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 12:27

Target

c2278039f0acee06931c3e5f137605c175dab3174c327d9b87842975bf8ca36e.exe
Size

63KB
MD5

58e6b6b4b7f6849749b6374ffbd7fa2e
SHA1

51179defee9d29718177eb3fd0d0fdd5016165fc
SHA256

c2278039f0acee06931c3e5f137605c175dab3174c327d9b87842975bf8ca36e
SHA512

c90606f21d004e47b6b9bef3b8af452a172c04cb9d4d2ea1072687cb3c3086f20dbda352206879c7f4caaf27ae35dc51c8e3c3479260fff56f9f25adc32002a0
SSDEEP

1536:ohIBLTM3Ufc0cMdj7Al/FNDDegKxqGbbfwslW3GODpqKmY7:ohIBLTM3Ufc6dHY/FNDDegSqGbbfF0ni

Score

10^/10

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

ujhn.duckdns.org:8520

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2996	c2278039f0acee06931c3e5f137605c175dab3174c327d9b87842975bf8ca36e.exe

C:\Users\Admin\AppData\Local\Temp\c2278039f0acee06931c3e5f137605c175dab3174c327d9b87842975bf8ca36e.exe
"C:\Users\Admin\AppData\Local\Temp\c2278039f0acee06931c3e5f137605c175dab3174c327d9b87842975bf8ca36e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2996

memory/2996-0-0x00007FFC72B73000-0x00007FFC72B75000-memory.dmp

Filesize
8KB

Download
memory/2996-1-0x0000000000710000-0x0000000000726000-memory.dmp

Filesize
88KB

Download
memory/2996-2-0x00007FFC72B70000-0x00007FFC73631000-memory.dmp

Filesize
10.8MB

Download
memory/2996-3-0x00007FFC72B70000-0x00007FFC73631000-memory.dmp

Filesize
10.8MB

Download