asyncrat | 34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Size

90KB
MD5

24c56282b153c72db527d0af5e1e371d
SHA1

800dfc31384b0317c3f145c4de36ca305fea8a5b
SHA256

34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02
SHA512

1e3f4ba03473b352b40afb983e0b055431ab517d8bd5aa359fe676a31d8527547d7a59dea6d3306b8dc26e5a11bee865860c8c29eca0eca8d67bdab0d64e5b8e
SSDEEP

1536:UU/UcxtbECiiPMVie9VdQkhDIyH1bf/6I+mQzcEBVqRhI/bDn3VclNg:UUscxtAViPMVie9VdQgH1bfiRmQrI6vN

Score

10^/10

asyncrat venomrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

hshshhsh

Attributes

delay
1
install
true
install_file
6asd8sdad2183sada8213s.exe
install_folder
%Temp%
pastebin_config
https://pastebin.com/raw/LwwcrLg4

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

rat

resource	yara_rule
behavioral1/memory/2396-1-0x0000000000890000-0x00000000008AA000-memory.dmp	VenomRAT

Venomrat family
venomrat

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeDebugPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeIncreaseQuotaPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSecurityPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeTakeOwnershipPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeLoadDriverPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSystemProfilePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSystemtimePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeProfSingleProcessPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeIncBasePriorityPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeCreatePagefilePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeBackupPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeRestorePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeShutdownPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeDebugPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSystemEnvironmentPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeRemoteShutdownPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeUndockPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeManageVolumePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: 33	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: 34	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: 35	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeIncreaseQuotaPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSecurityPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeTakeOwnershipPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeLoadDriverPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSystemProfilePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSystemtimePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeProfSingleProcessPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeIncBasePriorityPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeCreatePagefilePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeBackupPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeRestorePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeShutdownPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeDebugPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeSystemEnvironmentPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeRemoteShutdownPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeUndockPrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: SeManageVolumePrivilege	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: 33	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: 34	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
Token: 35	2396	34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe

C:\Users\Admin\AppData\Local\Temp\34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe
"C:\Users\Admin\AppData\Local\Temp\34f2ec981f0c1dfaa3f04ea26266a0732a3767560847d7ab912b340b90fbbd02.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2396-0-0x000007FEF5A93000-0x000007FEF5A94000-memory.dmp

Filesize
4KB

Download
memory/2396-1-0x0000000000890000-0x00000000008AA000-memory.dmp

Filesize
104KB

Download
memory/2396-3-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download
memory/2396-4-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download