Analysis
- max time kernel: 597s
- max time network: 603s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20250113-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 16/01/2025, 20:11
Behavioral task: behavioral1
- Sample: Client.exe
- Resource: win10ltsc2021-20250113-en
- 6 signatures
- 600 seconds
General
- Target: Client.exe
- Size: 74KB
- MD5: 691bc0e47a381c96ffcc10e0ce7afd10
- SHA1: eecb7fb5afd34a029bdaefcb4a9119f4f185533f
- SHA256: 8d4c69f370e3a1e608f0c0deeca8b1ab1be76393c4c02cd6140d73c11dd4d411
- SHA512: 9a6106a7609e9f71d7af57d14f07d3166ef70aca30334143a114108076823e67b569eda94d9655d19e610349832c1a8c9802ceb9b10c820f2bb622b7622e6098
- SSDEEP: 1536:EUckcx4VHsC0SPMV7e9VdQuDI6H1bf/ce2+Qzc2LVclN:EUpcx4GfSPMV7e9VdQsH1bf0e2+QPBY
Malware Config
Extracted
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Botnet: Default
- Mutex: Rmc
- Attributes:
  - delay: 1
  - install: false
  - install_folder: %AppData%
  - pastebin_config: https://pastebin.com/iRj0W279
- aes.plain
Signatures
- Asyncrat family
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 64 IoCs)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 4080, Process: Client.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege, pid: 4080, Process: Client.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 4080, Process: Client.exe