asyncrat | 87d55c0d07d9ff9c50615678dc4c2e9c1d8dd23168a79e6bd141a5808f229231

Analysis

max time kernel
104s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Windows Security Notification Helper.exe
Size

74KB
MD5

bfb84493851574b5ef058da7f27a8fc9
SHA1

840c9a05e578e1e127a312ab98a64cf5e359c730
SHA256

87d55c0d07d9ff9c50615678dc4c2e9c1d8dd23168a79e6bd141a5808f229231
SHA512

6825aa7fd8a05c874163441671fcc4baf7f061049b24f3d294d2ba93c920d6de84c8b018fb7a8ae494aec082b3a3745ef5c9dcba846f0551e91acbe97abca55c
SSDEEP

1536:3UUPcxVteCW7PMVZPYLcI7H1ba/2ce0GQzcuLVclN:3UmcxV4x7PMVh81H1baLe0GQnBY

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

132.145.75.68:5450

Mutex

yyhmudweswgsnbs

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	2848	Windows Security Notification Helper.exe
Token: SeIncreaseQuotaPrivilege	2848	Windows Security Notification Helper.exe
Token: SeSecurityPrivilege	2848	Windows Security Notification Helper.exe
Token: SeTakeOwnershipPrivilege	2848	Windows Security Notification Helper.exe
Token: SeLoadDriverPrivilege	2848	Windows Security Notification Helper.exe
Token: SeSystemProfilePrivilege	2848	Windows Security Notification Helper.exe
Token: SeSystemtimePrivilege	2848	Windows Security Notification Helper.exe
Token: SeProfSingleProcessPrivilege	2848	Windows Security Notification Helper.exe
Token: SeIncBasePriorityPrivilege	2848	Windows Security Notification Helper.exe
Token: SeCreatePagefilePrivilege	2848	Windows Security Notification Helper.exe
Token: SeBackupPrivilege	2848	Windows Security Notification Helper.exe
Token: SeRestorePrivilege	2848	Windows Security Notification Helper.exe
Token: SeShutdownPrivilege	2848	Windows Security Notification Helper.exe
Token: SeDebugPrivilege	2848	Windows Security Notification Helper.exe
Token: SeSystemEnvironmentPrivilege	2848	Windows Security Notification Helper.exe
Token: SeRemoteShutdownPrivilege	2848	Windows Security Notification Helper.exe
Token: SeUndockPrivilege	2848	Windows Security Notification Helper.exe
Token: SeManageVolumePrivilege	2848	Windows Security Notification Helper.exe
Token: 33	2848	Windows Security Notification Helper.exe
Token: 34	2848	Windows Security Notification Helper.exe
Token: 35	2848	Windows Security Notification Helper.exe
Token: 36	2848	Windows Security Notification Helper.exe
Token: SeIncreaseQuotaPrivilege	2848	Windows Security Notification Helper.exe
Token: SeSecurityPrivilege	2848	Windows Security Notification Helper.exe
Token: SeTakeOwnershipPrivilege	2848	Windows Security Notification Helper.exe
Token: SeLoadDriverPrivilege	2848	Windows Security Notification Helper.exe
Token: SeSystemProfilePrivilege	2848	Windows Security Notification Helper.exe
Token: SeSystemtimePrivilege	2848	Windows Security Notification Helper.exe
Token: SeProfSingleProcessPrivilege	2848	Windows Security Notification Helper.exe
Token: SeIncBasePriorityPrivilege	2848	Windows Security Notification Helper.exe
Token: SeCreatePagefilePrivilege	2848	Windows Security Notification Helper.exe
Token: SeBackupPrivilege	2848	Windows Security Notification Helper.exe
Token: SeRestorePrivilege	2848	Windows Security Notification Helper.exe
Token: SeShutdownPrivilege	2848	Windows Security Notification Helper.exe
Token: SeDebugPrivilege	2848	Windows Security Notification Helper.exe
Token: SeSystemEnvironmentPrivilege	2848	Windows Security Notification Helper.exe
Token: SeRemoteShutdownPrivilege	2848	Windows Security Notification Helper.exe
Token: SeUndockPrivilege	2848	Windows Security Notification Helper.exe
Token: SeManageVolumePrivilege	2848	Windows Security Notification Helper.exe
Token: 33	2848	Windows Security Notification Helper.exe
Token: 34	2848	Windows Security Notification Helper.exe
Token: 35	2848	Windows Security Notification Helper.exe
Token: 36	2848	Windows Security Notification Helper.exe

C:\Users\Admin\AppData\Local\Temp\Windows Security Notification Helper.exe
"C:\Users\Admin\AppData\Local\Temp\Windows Security Notification Helper.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2848-0-0x00007FFF465A3000-0x00007FFF465A5000-memory.dmp

Filesize
8KB

Download
memory/2848-1-0x0000000000F60000-0x0000000000F78000-memory.dmp

Filesize
96KB

Download
memory/2848-3-0x00007FFF465A0000-0x00007FFF47061000-memory.dmp

Filesize
10.8MB

Download
memory/2848-4-0x00007FFF465A0000-0x00007FFF47061000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads