asyncrat | 536-4617-0x0000000000400000-0x000000000051C000-memory[.]dmp

General

Target

536-4617-0x0000000000400000-0x000000000051C000-memory.dmp
Size

1.1MB
MD5

88dd408320c53d79bffc9fc98da37a9b
SHA1

b292da55245cc4a118987a2ac4649522a8775627
SHA256

5e4c459a764e7818f84feb12014666a102747b8243b7395dbcdfd557e8437014
SHA512

95f8dcf2ab7e2d224a766316ac5a13e334b25d7dd42cbef741a984ab89bf66b964c28bab2c999fe56eea2484eed987a323d78b6734ecc02b84ccf6b6d84d2ab2
SSDEEP

24576:3k2yETiWOxHM3RlyqYKbkZTN69HBaIj+HRtwpHERZ4OvG:bKVM3RluKbkC7j+HRmuZO

Score

10^/10

rat 默认 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

火绒企业版远程管理软件

Botnet

默认

C2

asdasud.xyz:8848

Mutex

域名

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

536-4617-0x0000000000400000-0x000000000051C000-memory.dmp
.exe windows x86

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

msvcrt

iphlpapi

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 352KB - Virtual size: 352KB

.sedata Size: 752KB - Virtual size: 752KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.sedata Size: 8KB - Virtual size: 8KB

.text
Size: 352KB - Virtual size: 352KB

.sedata
Size: 752KB - Virtual size: 752KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB

.sedata
Size: 8KB - Virtual size: 8KB