asyncrat | tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

334KB
MD5

359383060cf25cf1a8ba96bb8f447743
SHA1

5241d0ed7fc40f792e5d6a679a0a782590b3780a
SHA256

ed78bf967549021cc7b653237755ba482b76e3c66c9868f4565c4db115bef0ed
SHA512

d61fe15b6d12f0d18b7d4e7fc590fa9ee2f7c36c9876d42f0051eda59d039ab7ace87f9a1cca119b415ada99c51a3023e8f41455af8be31a2fc88f3878bcbfd9
SSDEEP

6144:6k2yuOugzbX9uKQ1wMNo1cQ3qbKxGi5U7xohQsZR/9ZBO6ep0I0pNtw:6k2yukv9ut1wMW1p3qbKxGi5U7yep0If

Score

10^/10

rat 默认 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

火绒企业版远程管理软件

Botnet

默认

C2

127.0.0.1:8848

43.140.202.229:8848

Mutex

火绒远程管理

Attributes

delay
1
install
true
install_file
win.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ