asyncrat | 196e8e5dcfab24d269e9297abb9961cd914ce4cc76475564ba359bece433418c

Analysis

max time kernel
106s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

e4dac9e38d48d5d50f558bb3ea77b219
SHA1

49a53e206ae332336c07f6cf6b7d2bd3caf4df8c
SHA256

196e8e5dcfab24d269e9297abb9961cd914ce4cc76475564ba359bece433418c
SHA512

d36b2e3eb076430abfc96ec3f577d04fc21af532357745726c7c5e233aab3c887253488ba314651b8526c4c7840f211fb63df60cce05aee51012a14ef3eea760
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/YYmXQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bfQYmXQYBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

132.145.75.68:3965

Mutex

yyhmudweswgsnbs

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	6136	Client.exe
Token: SeIncreaseQuotaPrivilege	6136	Client.exe
Token: SeSecurityPrivilege	6136	Client.exe
Token: SeTakeOwnershipPrivilege	6136	Client.exe
Token: SeLoadDriverPrivilege	6136	Client.exe
Token: SeSystemProfilePrivilege	6136	Client.exe
Token: SeSystemtimePrivilege	6136	Client.exe
Token: SeProfSingleProcessPrivilege	6136	Client.exe
Token: SeIncBasePriorityPrivilege	6136	Client.exe
Token: SeCreatePagefilePrivilege	6136	Client.exe
Token: SeBackupPrivilege	6136	Client.exe
Token: SeRestorePrivilege	6136	Client.exe
Token: SeShutdownPrivilege	6136	Client.exe
Token: SeDebugPrivilege	6136	Client.exe
Token: SeSystemEnvironmentPrivilege	6136	Client.exe
Token: SeRemoteShutdownPrivilege	6136	Client.exe
Token: SeUndockPrivilege	6136	Client.exe
Token: SeManageVolumePrivilege	6136	Client.exe
Token: 33	6136	Client.exe
Token: 34	6136	Client.exe
Token: 35	6136	Client.exe
Token: 36	6136	Client.exe
Token: SeIncreaseQuotaPrivilege	6136	Client.exe
Token: SeSecurityPrivilege	6136	Client.exe
Token: SeTakeOwnershipPrivilege	6136	Client.exe
Token: SeLoadDriverPrivilege	6136	Client.exe
Token: SeSystemProfilePrivilege	6136	Client.exe
Token: SeSystemtimePrivilege	6136	Client.exe
Token: SeProfSingleProcessPrivilege	6136	Client.exe
Token: SeIncBasePriorityPrivilege	6136	Client.exe
Token: SeCreatePagefilePrivilege	6136	Client.exe
Token: SeBackupPrivilege	6136	Client.exe
Token: SeRestorePrivilege	6136	Client.exe
Token: SeShutdownPrivilege	6136	Client.exe
Token: SeDebugPrivilege	6136	Client.exe
Token: SeSystemEnvironmentPrivilege	6136	Client.exe
Token: SeRemoteShutdownPrivilege	6136	Client.exe
Token: SeUndockPrivilege	6136	Client.exe
Token: SeManageVolumePrivilege	6136	Client.exe
Token: 33	6136	Client.exe
Token: 34	6136	Client.exe
Token: 35	6136	Client.exe
Token: 36	6136	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/6136-0-0x00007FF8D56E3000-0x00007FF8D56E5000-memory.dmp

Filesize
8KB

Download
memory/6136-1-0x0000000000AB0000-0x0000000000AC8000-memory.dmp

Filesize
96KB

Download
memory/6136-3-0x00007FF8D56E0000-0x00007FF8D61A1000-memory.dmp

Filesize
10.8MB

Download
memory/6136-4-0x00007FF8D56E0000-0x00007FF8D61A1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads