asyncrat | tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

63KB
MD5

9d44b6409822b1252c74926f0e9358f5
SHA1

b9c99cc90ba0cded690437edc2cc0b46b404fde3
SHA256

062b2fb94e4a6fba37605b3019aaac261ef2e76e41b272031da6d9da6a6c1c40
SHA512

705eaaf621f83f8ca04aceca65dfc00059c8836722d9fbc8ab4428b258147c90aa27e2830fbb4153c66c626e0e733f103c3afe2a9941f244acd40e297b9d8d74
SSDEEP

1536:shN9YZUIXvHOyVG7ErWfasrhWnU6bp+v+RKr:NtHyUW7hIU6bp58

Score

10^/10

rat asyncrat

Malware Config

Extracted

Family

asyncrat

Version

2022远程管理软件1.2

C2

43.143.12.71:8848

Mutex

xcgyxhvtabffji

Attributes

delay
1
install
true
install_file
i4tools.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ