Overview

overview

10

Static

static

10

c35c9895b9...8c.exe

windows7-x64

10

c35c9895b9...8c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2024 19:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c35c9895b90a75a0d8dd13c38c9fe565e693887f96334ea3ae762a160027ef8c.exe

  • Size

    74KB

  • MD5

    5bf4e6ee7c17815fa84e47b8e70cc562

  • SHA1

    445024fe41a4e64db7dfcfa3ddb4e991f1420e94

  • SHA256

    c35c9895b90a75a0d8dd13c38c9fe565e693887f96334ea3ae762a160027ef8c

  • SHA512

    4ad41ab0a5180dcc96f8cc512ea1e284ef08593c27be1c022709f2003f0d7509d6b1382873807631781f248e7d722187d016dfdd6e778a2f0366fc0a4595299d

  • SSDEEP

    1536:vUFAcxehvCw2PMVDe9VdQuDI6H1bf/RyZNpHpEQzceLVclN:vU6cxe1/2PMVDe9VdQsH1bf5yZzHpEQS

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

86.208.62.200:4449

Mutex

eobsjccgfymzffybs

Attributes
  • delay

    1

  • install

    false

  • install_file

    mama

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • VenomRAT 1 IoCs

    Detects VenomRAT.

    rat
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c35c9895b90a75a0d8dd13c38c9fe565e693887f96334ea3ae762a160027ef8c.exe
    "C:\Users\Admin\AppData\Local\Temp\c35c9895b90a75a0d8dd13c38c9fe565e693887f96334ea3ae762a160027ef8c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2152-0-0x00007FFEC1133000-0x00007FFEC1135000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2152-1-0x0000000000C30000-0x0000000000C48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2152-3-0x00007FFEC1130000-0x00007FFEC1BF1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2152-4-0x00007FFEC1133000-0x00007FFEC1135000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2152-5-0x00007FFEC1130000-0x00007FFEC1BF1000-memory.dmp

    Filesize

    10.8MB

    Download