Analysis
- max time kernel: 897s
- max time network: 899s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 16/01/2025, 20:10

Behavioral task: behavioral1
- Sample: test.exe
- Resource: win10ltsc2021-20250113-en
- 6 signatures
- 900 seconds
General
- Target: test.exe
- Size: 74KB
- MD5: abd515c6d94c2de7edb2bd80023ef988
- SHA1: 228cf893387a11fdf8493dffee4624229c5b49aa
- SHA256: 23ba903e14ce489c912103322b57f13c20fdfbd0adadc39b04ccf863756606ea
- SHA512: 8673fa4fa22f7ddaa889a4a9baad60b86cae039d5b12fd5a8cd804f38d015808433f8f337e0f768e34e264d29bc1634640ef3bd7d56eace5c0ef13395b16898c
- SSDEEP: 1536:EUckcx4VHsC0SPMVc4SfSzyIrH1bi/AEpFnfwQzc2LVclN:EUpcx4GfSPMVc4SSH1biJbfwQPBY
Malware Config
Extracted
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Botnet: Default
- Mutex: Rmc
- Attributes
  - delay: 1
  - install: false
  - install_folder: %AppData%
  - pastebin_config: https://pastebin.com/iRj0W279
- aes.plain
Signatures
- Asyncrat family
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 64 IoCs)

  flow  ioc
  All 64 flows carry the same IoC, pastebin.com. Flow ids, in the order reported:
  282, 132, 190, 243, 264, 13, 284, 9, 22, 50, 139, 16, 103, 192, 248, 277, 25, 165, 200, 237,
  93, 222, 232, 239, 281, 30, 114, 196, 210, 268, 272, 63, 121, 127, 213, 42, 96, 289, 68, 193,
  271, 245, 34, 39, 87, 206, 77, 117, 214, 225, 275, 45, 116, 118, 126, 48, 244, 287, 94, 159,
  174, 223, 226, 247

- Suspicious behavior: EnumeratesProcesses (64 IoCs)

  pid   Process
  3012  test.exe  (64 identical entries)

- Suspicious use of AdjustPrivilegeToken (1 IoCs)

  description              pid   Process
  Token: SeDebugPrivilege  3012  test.exe

- Suspicious use of SetWindowsHookEx (1 IoCs)

  pid   Process
  3012  test.exe