asyncrat | a8dec7685cba26def47b375d92879d4246996121eaf68978e099a3da21df866e

Analysis

max time kernel
146s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/01/2025, 13:55

Target

Spotify.exe
Size

108KB
MD5

a6c34258e0f4969327d5115ccd153758
SHA1

f2ce4e1748b0b211a08a5a871d4dac68958ba9d3
SHA256

a8dec7685cba26def47b375d92879d4246996121eaf68978e099a3da21df866e
SHA512

d441823e650a65301d5ff222612d1b141182f8f9b35c9a67122e5e6c78fc76b48c402e8fb7ce52a0f1367d59db13c09030de0f07a3a62afd5c9296060c98412a
SSDEEP

3072:bUmcxV4x7PMVee9VdQgH1bfRQiKYWwhHYa:blx7PMVeaegVbZC47

Score

10^/10

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

193.161.193.99:52920

193.161.193.99:3333

Mutex

nfpzlqliopdz

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

resource	yara_rule
behavioral1/memory/3028-1-0x00000000008B0000-0x00000000008CE000-memory.dmp	VenomRAT

Suspicious behavior: EnumeratesProcesses 29 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3028	Spotify.exe
Token: SeDebugPrivilege	3028	Spotify.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3028	Spotify.exe

memory/3028-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/3028-1-0x00000000008B0000-0x00000000008CE000-memory.dmp

Filesize
120KB

Download
memory/3028-3-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/3028-4-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/3028-5-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/3028-6-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download