asyncrat | d6dee58b84725522ff3c9ee5a38852f5b19ea330f61a55632dfa0eb4de78fdab

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6b2fb722cd971de816fc175a5fcf280N.exe
Size

82KB
MD5

b6b2fb722cd971de816fc175a5fcf280
SHA1

284030df31f941eb6d24a4d99afd3c9e8318d4b8
SHA256

d6dee58b84725522ff3c9ee5a38852f5b19ea330f61a55632dfa0eb4de78fdab
SHA512

8fe5038d25b68538da5ff71825aece45d4252e59b949e00e38bf2624d98d944d57f87347f436ff2364df913cf422c6258ceeece0ee2e72fb951dbc8d65121d3f
SSDEEP

1536:BNUEkcx4VHsC0SPMVBX4AAIvH1bx/QziQzcd33oLVclN:rUxcx4GfSPMV/pH1bxJQg33oBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

Mutex

qfnvtuedpjgnsylirpz

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

rat

Processes:

resource	yara_rule
behavioral1/memory/2064-1-0x0000000001010000-0x000000000102A000-memory.dmp	VenomRAT

Suspicious use of AdjustPrivilegeToken 41 IoCs

Processes:

b6b2fb722cd971de816fc175a5fcf280N.exe

description	pid	Process
Token: SeDebugPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncreaseQuotaPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSecurityPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeTakeOwnershipPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeLoadDriverPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemProfilePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemtimePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeProfSingleProcessPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncBasePriorityPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeCreatePagefilePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeBackupPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRestorePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeShutdownPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeDebugPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemEnvironmentPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRemoteShutdownPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeUndockPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeManageVolumePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 33	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 34	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 35	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncreaseQuotaPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSecurityPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeTakeOwnershipPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeLoadDriverPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemProfilePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemtimePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeProfSingleProcessPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncBasePriorityPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeCreatePagefilePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeBackupPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRestorePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeShutdownPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeDebugPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemEnvironmentPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRemoteShutdownPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeUndockPrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeManageVolumePrivilege	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 33	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 34	2064	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 35	2064	b6b2fb722cd971de816fc175a5fcf280N.exe

C:\Users\Admin\AppData\Local\Temp\b6b2fb722cd971de816fc175a5fcf280N.exe
"C:\Users\Admin\AppData\Local\Temp\b6b2fb722cd971de816fc175a5fcf280N.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2064-0-0x000007FEF50F3000-0x000007FEF50F4000-memory.dmp

Filesize
4KB

Download
memory/2064-1-0x0000000001010000-0x000000000102A000-memory.dmp

Filesize
104KB

Download
memory/2064-3-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/2064-4-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download