asyncrat | e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd

General

Target

e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
Size

22KB
MD5

06fb7cb5cffd57be6f12123ec580c3a1
SHA1

c90f12ae2750e6ddda21a9872aca52d39c36af1f
SHA256

9417ab864a13ed59912fa5aa340d29c86e8a8552e946174a1ca72cf79846c796
SHA512

6a71f9db208c017d8c3dd554a5051c02fab12e593ea97b55bb477d214ffa2307070bd4d558f97424e04c2a0fb6773c3883fd3020d5779d5e69cbd36c57e7e03b
SSDEEP

384:2vX0gbU/cL3K/k699hh5uGX9k/kTXcuLe0HzUvA6K0SUa975ah+q8QCZ3DmSj:2vE66Tw29lIuLdHzUY6oUa975ahd8QCn

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:51115

127.0.0.1:26993

127.0.0.1:19624

127.0.0.1:12336

127.0.0.1:18867

185.246.220.26:6606

185.246.220.26:7707

185.246.220.26:8808

185.246.220.26:51115

185.246.220.26:26993

185.246.220.26:19624

185.246.220.26:12336

185.246.220.26:18867

5.tcp.ngrok.io:6606

5.tcp.ngrok.io:7707

5.tcp.ngrok.io:8808

5.tcp.ngrok.io:51115

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
services.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
static1/unpack001/e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd	asyncrat

Asyncrat family
asyncrat

Files

e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
.zip
e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 42KB - Virtual size: 42KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B