Overview

overview

10

Static

static

10

0a44fa3711...a2.exe

windows10-2004-x64

10

0a44fa3711...a2.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2025, 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a44fa3711ce257064344a6e4475dda668dc6ccde66003eb8863c3bf90ec63a2.exe

  • Size

    63KB

  • MD5

    edbfd8ac9fd1e768c5061ea3938443dd

  • SHA1

    4f0b1c65c3ddf7b21d021b121f9151782cbeaa0d

  • SHA256

    0a44fa3711ce257064344a6e4475dda668dc6ccde66003eb8863c3bf90ec63a2

  • SHA512

    fe8fa1048444aee94018cc0659472ba041b055ea3607d10e5a896f8b9addff0f6dea85c92f226edeb5d8671258485b44a14f0bee380a98a842ee6f1d1e068007

  • SSDEEP

    1536:AhIBLTM3Ufc0cMdmeeiIVrGbbXwB1GGDpqKmY7:AhIBLTM3Ufc6d/eXGbbXUBgz

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:30000

192.168.1.215:30000
Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a44fa3711ce257064344a6e4475dda668dc6ccde66003eb8863c3bf90ec63a2.exe
    "C:\Users\Admin\AppData\Local\Temp\0a44fa3711ce257064344a6e4475dda668dc6ccde66003eb8863c3bf90ec63a2.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4736-0-0x00007FFB4BFC3000-0x00007FFB4BFC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4736-1-0x00000000001D0000-0x00000000001E6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4736-2-0x00007FFB4BFC0000-0x00007FFB4CA81000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4736-3-0x00007FFB4BFC3000-0x00007FFB4BFC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4736-4-0x00007FFB4BFC0000-0x00007FFB4CA81000-memory.dmp

    Filesize

    10.8MB

    Download