Analysis
max time kernel
598s
max time network
600s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags
arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted
16/01/2025, 20:11
Behavioral task
behavioral1
Sample
Client.exe
Resource
win10ltsc2021-20250113-en
6 signatures
600 seconds
General
Target
Client.exe
Size
74KB
MD5
691bc0e47a381c96ffcc10e0ce7afd10
SHA1
eecb7fb5afd34a029bdaefcb4a9119f4f185533f
SHA256
8d4c69f370e3a1e608f0c0deeca8b1ab1be76393c4c02cd6140d73c11dd4d411
SHA512
9a6106a7609e9f71d7af57d14f07d3166ef70aca30334143a114108076823e67b569eda94d9655d19e610349832c1a8c9802ceb9b10c820f2bb622b7622e6098
SSDEEP
1536:EUckcx4VHsC0SPMV7e9VdQuDI6H1bf/ce2+Qzc2LVclN:EUpcx4GfSPMV7e9VdQsH1bf0e2+QPBY
Malware Config
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet
Default
Mutex
Rmc
Attributes
delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/iRj0W279
aes.plain
Signatures
Asyncrat family
Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs
flow  ioc
Every one of the 64 listed flows carries the ioc pastebin.com. Flow IDs, in report order: 137, 159, 45, 72, 76, 82, 112, 135, 178, 37, 88, 7, 24, 32, 34, 156, 191, 68, 74, 105, 130, 169, 128, 155, 21, 28, 33, 97, 109, 117, 70, 119, 131, 140, 20, 50, 138, 161, 177, 179, 43, 81, 101, 110, 121, 157, 193, 71, 90, 96, 150, 194, 195, 145, 180, 4, 6, 9, 60, 61, 79, 5, 35, 134
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid  Process
3608  Client.exe (64 occurrences)
Suspicious use of AdjustPrivilegeToken 1 IoCs
description  pid  Process
Token: SeDebugPrivilege  3608  Client.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid  Process
3608  Client.exe
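The "Legitimate hosting services abused for malware hosting/C2" signature above is 64 flows to pastebin.com, and the extracted config carries a pastebin_config URL, which is how this AsyncRAT/Venom RAT build stages its C2 details. The script below is an added example for this page, not sandbox output or code from the malware: it parses the report's flattened flow/ioc layout into records, counts flows per domain, and pulls out the ones on a watch-list of abused hosting services. The input string is a constructed excerpt in the report's layout (the real list is 64 pastebin.com entries), and the ABUSED_HOSTING watch-list is an assumption; the report itself only names pastebin.com. The pastebin_raw_url helper maps the report's paste link to pastebin's /raw/ form, since that is the URL a loader actually fetches and the one worth blocking or hunting on alongside the HTML page URL.

```python
"""Parse a flattened sandbox "flow ioc" listing and flag C2/config hosting on
legitimate paste services.

Added example for this report page; it is not part of the sandbox output or of
the malware. SAMPLE_FLOW_IOCS is a constructed excerpt in the same layout as
the report's flow/ioc table, and ABUSED_HOSTING is an assumed watch-list (the
report itself only names pastebin.com).
"""
import re
from collections import Counter

# Constructed input: "flow ioc" header, then <flow id> <domain> pairs, plus the
# trailing " -" that the extracted page carries.
SAMPLE_FLOW_IOCS = (
    "flow ioc 137 pastebin.com 159 pastebin.com 45 pastebin.com "
    "72 pastebin.com 8 example.com 7 pastebin.com -"
)

# Assumed watch-list of legitimate hosting services that RAT builders abuse to
# stage C2 addresses or configuration; extend it for your environment.
ABUSED_HOSTING = {"pastebin.com"}

# One record: a run of digits, whitespace, then a hostname with at least one dot.
PAIR_RE = re.compile(r"\b(\d+)\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def parse_flow_iocs(text):
    """Return [(flow_id, domain), ...] from the flattened 'flow ioc' text."""
    body = text.strip()
    if body.startswith("flow ioc"):
        body = body[len("flow ioc"):]
    return [(int(fid), dom.lower()) for fid, dom in PAIR_RE.findall(body)]


def summarize(pairs, watch_list=ABUSED_HOSTING):
    """Count flows per domain and pull out the domains on the watch-list."""
    domains = Counter(dom for _, dom in pairs)
    flow_ids = [fid for fid, _ in pairs]
    return {
        "total_flows": len(pairs),
        "unique_flow_ids": len(set(flow_ids)),  # duplicates would mean a parse error
        "domains": dict(domains),
        "abused": {d: n for d, n in domains.items() if d in watch_list},
    }


def pastebin_raw_url(url):
    """Map a pastebin.com/<id> link to the /raw/<id> form a loader fetches.

    Pastebin serves the bare paste body at /raw/<id>; the report's
    pastebin_config value is the HTML page URL. Returns None for other hosts.
    """
    m = re.fullmatch(r"https?://pastebin\.com/(?:raw/)?([A-Za-z0-9]+)/?", url)
    return f"https://pastebin.com/raw/{m.group(1)}" if m else None


if __name__ == "__main__":
    pairs = parse_flow_iocs(SAMPLE_FLOW_IOCS)
    print(summarize(pairs))
    # The paste ID here is the one from the extracted config on this page.
    print(pastebin_raw_url("https://pastebin.com/iRj0W279"))
```

Run against the report's full line, the summary should show 64 flows, 64 unique flow IDs and a single domain; a lower unique count would mean the regex split a record incorrectly. The paste itself may already be gone by the time you look, so treat the raw URL as a hunting and blocking artifact rather than something you expect to fetch.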