asyncrat | HEUR-Backdoor[.]MSIL[.]Crysan[.]gen-75b757d8dc23d5a[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Backdoor.MSIL.Crysan.gen-75b757d8dc23d5a.exe
Size

45KB
MD5

c6d46f1a3b191b0560cf807a95a374aa
SHA1

a9c96783d84c7209c21326addc2d16b8f93b3156
SHA256

75b757d8dc23d5a353eaa4851f8aa54b0401a7718e837ba8f555d9163b45832d
SHA512

547f80be5eea53d70f80307261a31360d22c6d56e2c1cc584ed4df0e7d922f95c06525548cdc769333d04ec51c1d22903c93e56715665e9f19fb04ddb172b3a1
SSDEEP

768:duiGNTdFHLBWUZiGrmo2qrS08eaKsRiDPIwzjb0gX3izrqq7ml8MBDZeu:duiGNTdBR2hJiMw3bbXSUdeu

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

HEUR-Backdoor.MSIL.Crysan.gen-75b757d8dc23d5a.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ