asyncrat | 59930c83d569e7df4d5ec1b7e6689ba19dcb988c2686ca0589a15f40e30e945d

Analysis

max time kernel
132s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/01/2025, 00:06

Target

59930c83d569e7df4d5ec1b7e6689ba19dcb988c2686ca0589a15f40e30e945d.exe
Size

63KB
MD5

2f37fb132331153b874e2dc31f0a0802
SHA1

904f0fadd72bbb70587dea827cc9d8448576839a
SHA256

59930c83d569e7df4d5ec1b7e6689ba19dcb988c2686ca0589a15f40e30e945d
SHA512

61f1691c82bfe677df1f8ec46806c95073d9f801bbd1fb9a1efc5c997c4d483b4359cff20ccdd59d3e599a18d8e44fffc909978e868439b9ac372d6b861467b4
SSDEEP

1536:AhfLOFw7bfpaPWhHN68IyNGhJFGbblw2BJC4GhDpqKmY7:AhfLOFw7rpaPW1NVDN2PGbblhCZgz

Score

10^/10

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

103.140.251.156:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2360	59930c83d569e7df4d5ec1b7e6689ba19dcb988c2686ca0589a15f40e30e945d.exe

C:\Users\Admin\AppData\Local\Temp\59930c83d569e7df4d5ec1b7e6689ba19dcb988c2686ca0589a15f40e30e945d.exe
"C:\Users\Admin\AppData\Local\Temp\59930c83d569e7df4d5ec1b7e6689ba19dcb988c2686ca0589a15f40e30e945d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2360

memory/2360-0-0x000007FEF5A13000-0x000007FEF5A14000-memory.dmp

Filesize
4KB

Download
memory/2360-1-0x00000000002D0000-0x00000000002E6000-memory.dmp

Filesize
88KB

Download
memory/2360-2-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2360-3-0x000007FEF5A13000-0x000007FEF5A14000-memory.dmp

Filesize
4KB

Download
memory/2360-4-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download