asyncrat | 7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c

Analysis

max time kernel
148s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
Size

74KB
MD5

4830c6970a8b920572132fb77b034607
SHA1

2ac63faf72e584a1a1696e9128dbead3cb5ef314
SHA256

7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c
SHA512

219a87be478eb391916e56df46e2b0b4cd68ba230aa658404863705345c0be9e378d871d179aedfa963fa28f07b5c74e0f704b2d10e903b03b0e7857a8dc4bb5
SSDEEP

1536:UUUPcxVteCW7PMVP1yievkIXH1b1/lY4k2QzcWLVclN:UUmcxV4x7PMVdyzZH1b1dY4k2QvBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

Mutex

nifprnoqzwerzc

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

rat

resource	yara_rule
behavioral2/memory/5024-1-0x0000000000E80000-0x0000000000E98000-memory.dmp	VenomRAT

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5024	7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe

C:\Users\Admin\AppData\Local\Temp\7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe
"C:\Users\Admin\AppData\Local\Temp\7d5fc2145a14ba1e876711c889cf8ae61c6b4faba4c9347154e6622846c8960c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4384,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:8
1⤵
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5024-1-0x0000000000E80000-0x0000000000E98000-memory.dmp

Filesize
96KB

Download
memory/5024-0-0x00007FFDE97A3000-0x00007FFDE97A5000-memory.dmp

Filesize
8KB

Download
memory/5024-3-0x00007FFDE97A0000-0x00007FFDEA261000-memory.dmp

Filesize
10.8MB

Download
memory/5024-4-0x00007FFDE97A3000-0x00007FFDE97A5000-memory.dmp

Filesize
8KB

Download
memory/5024-5-0x00007FFDE97A0000-0x00007FFDEA261000-memory.dmp

Filesize
10.8MB

Download