asyncrat | b8d32843a48e1e06212a3687a71a908031f8b11577c3bd8ee1ced63a6e482bca

Analysis

max time kernel
146s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/02/2025, 17:48

Target

Client1234.exe
Size

172KB
MD5

20396f2411146b5bb648fe1553b7f19a
SHA1

dfc0abeb5f8578502d22d98ee371efae109f968e
SHA256

b8d32843a48e1e06212a3687a71a908031f8b11577c3bd8ee1ced63a6e482bca
SHA512

19e7b028848774169ee60793418071730892cb4dc3c95f6476a830c051beab1a7bc319a36287d9bfd39907404c27dc6a754b7196cb90cfcd57ad22fd97a8b216
SSDEEP

3072:bUxcx4GfSPMV7e9VdQsH1bf8eQRM+lmsolAIrRuw+mqv9j1MWLQfBY:b5fSPMV7aesVb7B+lDAAy

Score

10^/10

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

147.124.210.158:4449

Mutex

chptbpgxeghrinbp

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

resource	yara_rule
behavioral1/memory/2208-1-0x0000000000220000-0x0000000000250000-memory.dmp	VenomRAT

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	Client1234.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2208	Client1234.exe

memory/2208-0-0x000007FEF5063000-0x000007FEF5064000-memory.dmp

Filesize
4KB

Download
memory/2208-1-0x0000000000220000-0x0000000000250000-memory.dmp

Filesize
192KB

Download
memory/2208-3-0x000007FEF5060000-0x000007FEF5A4C000-memory.dmp

Filesize
9.9MB

Download
memory/2208-4-0x000007FEF5060000-0x000007FEF5A4C000-memory.dmp

Filesize
9.9MB

Download
memory/2208-5-0x000007FEF5063000-0x000007FEF5064000-memory.dmp

Filesize
4KB

Download
memory/2208-6-0x000007FEF5060000-0x000007FEF5A4C000-memory.dmp

Filesize
9.9MB

Download