asyncrat | tmp | Triage

Sharing

General

Target

tmp
Size

124KB
MD5

5284960dae2439c297f945715ae10c36
SHA1

b4be5b314fe573fb14d6074ba795ddd8fb78d944
SHA256

accc29c7af47c1a42e7646a93b347f73fbb14a7a20177f3aad80ab26f4c819f4
SHA512

a6259cc4b121d4b918490de6f6dcbaa9740f67174dadeef0965b8ba53fd196d2332a0b5d4fcf00d2da62b1e7ef095fb5b2d5dc57aecad6a3f2681475177dd3e6
SSDEEP

3072:CuwGToVS2YFWt4bQa4tqsU1FJ+yC3pwRb6JPqB604Hgy7hRCd39vie:Cuw/fVt4bjCVJyB60OgyLC7vr

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

kadumello.ddns.net:1194

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
wermgr64.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ