asyncrat | ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37

Analysis

max time kernel
128s
max time network
135s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
Size

74KB
MD5

639b6cc9c0bccf3ac55eed2906349483
SHA1

9a73c218b7bb5c47392ab15b8597d55a123ea007
SHA256

ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37
SHA512

e036a9b7139d3ab4f422369101c4666dff88d2e5fc3b62dbbd0e6de9c50ffb64f23d25c7b8fb245d58ec5609836586c2844bd811c96347af13b7e067cd8bbfd0
SSDEEP

1536:gUUPcxVteCW7PMVwEh3kLuaIsH1bTcqMAQzcyLVclN:gUmcxV4x7PMVXfAH1bTDBQjBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

194.107.126.11:4449

194.107.126.11:1111

Mutex

ykxpfvzpothjkcy

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

rat

Processes:

resource	yara_rule
behavioral1/memory/2220-1-0x00000000000C0000-0x00000000000D8000-memory.dmp	VenomRAT

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe

pid	process
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe

description pid process

Token: SeDebugPrivilege 2220 ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe

pid process

2220 ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe

description	pid	process
Token: SeDebugPrivilege	2220	ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe

C:\Users\Admin\AppData\Local\Temp\ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe
"C:\Users\Admin\AppData\Local\Temp\ed27a0678f0008811b0256be986ef5ae47913c319ce41e2533c42aeb8ca57b37.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-0-0x000007FEF62C3000-0x000007FEF62C4000-memory.dmp

Filesize
4KB

Download
memory/2220-1-0x00000000000C0000-0x00000000000D8000-memory.dmp

Filesize
96KB

Download
memory/2220-3-0x000007FEF62C0000-0x000007FEF6CAC000-memory.dmp

Filesize
9.9MB

Download
memory/2220-4-0x000007FEF62C0000-0x000007FEF6CAC000-memory.dmp

Filesize
9.9MB

Download
memory/2220-5-0x000007FEF62C3000-0x000007FEF62C4000-memory.dmp

Filesize
4KB

Download
memory/2220-6-0x000007FEF62C0000-0x000007FEF6CAC000-memory.dmp

Filesize
9.9MB

Download
memory/2220-7-0x000007FEF62C0000-0x000007FEF6CAC000-memory.dmp

Filesize
9.9MB

Download