asyncrat | d6dee58b84725522ff3c9ee5a38852f5b19ea330f61a55632dfa0eb4de78fdab

Analysis

max time kernel
96s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6b2fb722cd971de816fc175a5fcf280N.exe
Size

82KB
MD5

b6b2fb722cd971de816fc175a5fcf280
SHA1

284030df31f941eb6d24a4d99afd3c9e8318d4b8
SHA256

d6dee58b84725522ff3c9ee5a38852f5b19ea330f61a55632dfa0eb4de78fdab
SHA512

8fe5038d25b68538da5ff71825aece45d4252e59b949e00e38bf2624d98d944d57f87347f436ff2364df913cf422c6258ceeece0ee2e72fb951dbc8d65121d3f
SSDEEP

1536:BNUEkcx4VHsC0SPMVBX4AAIvH1bx/QziQzcd33oLVclN:rUxcx4GfSPMV/pH1bxJQg33oBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

Mutex

qfnvtuedpjgnsylirpz

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

rat

Processes:

resource	yara_rule
behavioral2/memory/4572-0-0x00000000009D0000-0x00000000009EA000-memory.dmp	VenomRAT

Suspicious use of AdjustPrivilegeToken 43 IoCs

Processes:

b6b2fb722cd971de816fc175a5fcf280N.exe

description	pid	process
Token: SeDebugPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncreaseQuotaPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSecurityPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeTakeOwnershipPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeLoadDriverPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemProfilePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemtimePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeProfSingleProcessPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncBasePriorityPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeCreatePagefilePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeBackupPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRestorePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeShutdownPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeDebugPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemEnvironmentPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRemoteShutdownPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeUndockPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeManageVolumePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 33	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 34	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 35	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 36	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncreaseQuotaPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSecurityPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeTakeOwnershipPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeLoadDriverPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemProfilePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemtimePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeProfSingleProcessPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeIncBasePriorityPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeCreatePagefilePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeBackupPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRestorePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeShutdownPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeDebugPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeSystemEnvironmentPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeRemoteShutdownPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeUndockPrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: SeManageVolumePrivilege	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 33	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 34	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 35	4572	b6b2fb722cd971de816fc175a5fcf280N.exe
Token: 36	4572	b6b2fb722cd971de816fc175a5fcf280N.exe

C:\Users\Admin\AppData\Local\Temp\b6b2fb722cd971de816fc175a5fcf280N.exe
"C:\Users\Admin\AppData\Local\Temp\b6b2fb722cd971de816fc175a5fcf280N.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4572-0-0x00000000009D0000-0x00000000009EA000-memory.dmp

Filesize
104KB

Download
memory/4572-1-0x00007FFEE92B0000-0x00007FFEE94A5000-memory.dmp

Filesize
2.0MB

Download
memory/4572-3-0x00007FFEE92B0000-0x00007FFEE94A5000-memory.dmp

Filesize
2.0MB

Download
memory/4572-4-0x00007FFEE92B0000-0x00007FFEE94A5000-memory.dmp

Filesize
2.0MB

Download