asyncrat | eb66d5172f0c909b70365febfb9bbe713d58bc4ae104251972a565fea095487d[.]zip

General

Target

eb66d5172f0c909b70365febfb9bbe713d58bc4ae104251972a565fea095487d.zip
Size

9.3MB
MD5

9392f64dcc212c2b4d6f0d09cca8c301
SHA1

8fe21043920880ba29187c1e159f6f85575263df
SHA256

08225970749ac30bb6bcc186acb2112be6fdded9cb2b7329ab36a7d76ee4e958
SHA512

1e1bf72d1f49a2d7c23c552dbdcf8aa88a521b5cdbb8d6371c598f7a3de1e0d39d20b471f02ac9c792c8705a11e581e6ba346226a1aba517daa8226ea3faaad8
SSDEEP

196608:RnDNjr2w1RkhxbJLQ8+pXFMnzeFq/wl+qWc+Zy9A1:RDNuwPkh08fniFPl+ocn1

Score

10^/10

rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/eb66d5172f0c909b70365febfb9bbe713d58bc4ae104251972a565fea095487d.exe	asyncrat

eb66d5172f0c909b70365febfb9bbe713d58bc4ae104251972a565fea095487d.zip
.zip

Password: infected
eb66d5172f0c909b70365febfb9bbe713d58bc4ae104251972a565fea095487d.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16.6MB - Virtual size: 16.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ