asyncrat | fa8cc2b40e644427aa4ec7e9441f5b75389c6a7915cd732b01a5a50921331e80

Analysis

max time kernel
898s
max time network
903s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 00:42

Target

Client.exe
Size

74KB
MD5

518cefe78569449a64ba9fcc57722fc3
SHA1

f5a37814247e38571eea79a509b81599b95868fd
SHA256

2a1b43cafc7425461176f66986b25408dca8fedef6ec84b411a82da5be8953ab
SHA512

88a17a768af4800e7b6f8f96cfb7de4788b5eceae6241dba694cf071410365508bb7982761bbbd518ada6e4db713e591b800a3365e1dd1daddc3918f09661958
SSDEEP

1536:EUEkcx4VHsC0SPMV7e9VdQuDI6H1bf/DtQzc2LVclN:EUxcx4GfSPMV7e9VdQsH1bfZQPBY

Score

10^/10

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

159.203.126.35:22279

Mutex

hnfkoikowllyvsdhi

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5948	Client.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5948	Client.exe

memory/5948-0-0x00007FFB11B53000-0x00007FFB11B55000-memory.dmp

Filesize
8KB

Download
memory/5948-1-0x00000000000C0000-0x00000000000D8000-memory.dmp

Filesize
96KB

Download
memory/5948-3-0x00007FFB11B50000-0x00007FFB12612000-memory.dmp

Filesize
10.8MB

Download
memory/5948-4-0x00007FFB11B50000-0x00007FFB12612000-memory.dmp

Filesize
10.8MB

Download
memory/5948-5-0x00007FFB11B53000-0x00007FFB11B55000-memory.dmp

Filesize
8KB

Download
memory/5948-6-0x00007FFB11B50000-0x00007FFB12612000-memory.dmp

Filesize
10.8MB

Download