asyncrat | 2d1f81c62216894d4840e544b0c3c8882364cfa730946d0cd02d2ce22694e50f

Analysis

max time kernel
102s
max time network
149s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
31/03/2025, 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

0b601635bd4ee178cc30afe7d4e72051
SHA1

dbec5361eb7e64902441fd8d205e1a96d191d735
SHA256

2d1f81c62216894d4840e544b0c3c8882364cfa730946d0cd02d2ce22694e50f
SHA512

d5499c55852a8c91a8b79e3d91202897ce6364408b3927fabbb8a20067fa8cd655973e8e1ca414a01dc67a92b0186a0156203c2f1a6b17e32b0e4e28d0b2b946
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/Jz/QzcBLVclN:8UmcxV4x7PMVee9VdQsH1bfBDQYBY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

132.145.75.68:3965

132.145.75.68:2885

Mutex

ftolxmmyozfj

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5708	Client.exe
5708	Client.exe
5708	Client.exe
5708	Client.exe
5708	Client.exe
5708	Client.exe
5708	Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5708	Client.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5708	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5708-0-0x00007FF9D12A3000-0x00007FF9D12A5000-memory.dmp

Filesize
8KB

Download
memory/5708-1-0x0000000000430000-0x0000000000448000-memory.dmp

Filesize
96KB

Download
memory/5708-3-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download
memory/5708-4-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download
memory/5708-5-0x00007FF9D12A3000-0x00007FF9D12A5000-memory.dmp

Filesize
8KB

Download
memory/5708-6-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download
memory/5708-7-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download
memory/5708-10-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download
memory/5708-12-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download
memory/5708-13-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download
memory/5708-14-0x00007FF9D12A0000-0x00007FF9D1D62000-memory.dmp

Filesize
10.8MB

Download