asyncrat | 2f9cb5bfba56843d0cf9912702c4f22c[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f9cb5bfba56843d0cf9912702c4f22c.exe
Size

47KB
MD5

2f9cb5bfba56843d0cf9912702c4f22c
SHA1

db36db6c23a121b34f3403258fa387e00c90611c
SHA256

28c3324e306150c1d8c38d46a602376d795a94cea273817f7c4125cccee14475
SHA512

d6e59595add5e79078d50d47c37b0de5c9b4d1489d934500aac245529dc39a8103e16e4b64995696baccd7811a1818ccfcb8669ac9129fabaed8bcdae4d5eb71
SSDEEP

768:M/IB5VILWCyh+DiWtedCnpN+iV08YbygeDSqv/EgK/JltpqKYhY7:M/MNWtyCj4zb1QSC3kJltpqKmY7

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

g8787.ddns.net:8848

Mutex

DcRatMutex

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

2f9cb5bfba56843d0cf9912702c4f22c.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ