asyncrat | 6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a

Analysis

max time kernel
128s
max time network
138s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
Size

79KB
MD5

037d11156638e4584494ef53322413ba
SHA1

a88f49727e65aa507c820aadcd95686bc49f5b8a
SHA256

6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a
SHA512

e002aa61a801a8071ac669e5cc5f73cc4a17c9c2f8b960929a8dfe9617344bee6d678f4b998ab5311bbca45960c0410832642fb94916188efa219562d5992124
SSDEEP

1536:QUYkcxVKpC6yPMVS07RhcIgH1ba/am2dDgQzcD0SXVclN:QU1cxVENyPMVPNhWH1bawdDgQWFY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

127.0.0.1:800

127.0.0.1:600

127.0.0.1:17790

192.168.1.17:4449

192.168.1.17:800

192.168.1.17:600

192.168.1.17:17790

3.142.167.54:4449

3.142.167.54:800

3.142.167.54:600

3.142.167.54:17790

Mutex

uzaseljnonsxi

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

rat

resource	yara_rule
behavioral1/memory/1660-1-0x0000000000AD0000-0x0000000000AEA000-memory.dmp	VenomRAT

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1660	6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe

C:\Users\Admin\AppData\Local\Temp\6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe
"C:\Users\Admin\AppData\Local\Temp\6f47373b38d3552785c6739a6269f093c5bff95e7af9d4e1860078958dbe881a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-0-0x000007FEF5CC3000-0x000007FEF5CC4000-memory.dmp

Filesize
4KB

Download
memory/1660-1-0x0000000000AD0000-0x0000000000AEA000-memory.dmp

Filesize
104KB

Download
memory/1660-3-0x000007FEF5CC0000-0x000007FEF66AC000-memory.dmp

Filesize
9.9MB

Download
memory/1660-4-0x000007FEF5CC0000-0x000007FEF66AC000-memory.dmp

Filesize
9.9MB

Download
memory/1660-5-0x000007FEF5CC3000-0x000007FEF5CC4000-memory.dmp

Filesize
4KB

Download
memory/1660-6-0x000007FEF5CC0000-0x000007FEF66AC000-memory.dmp

Filesize
9.9MB

Download