asyncrat | asyncrat[.]zip

Resubmissions

25/12/2022, 17:48

221225-wdej3afa5s 10

25/12/2022, 17:47

25/12/2022, 17:47

25/12/2022, 17:47

25/12/2022, 17:46

Sharing

Copy URL Twitter E-mail

General

Target

asyncrat.zip
Size

9.5MB
MD5

60f2daf47f768b9cb27617df220516ad
SHA1

93acdf9fe13e4d72f17958b0309c74f5027e16d2
SHA256

d0620352e37834e441d47fe68839af198244790bcd7327aa0862dde39defc886
SHA512

0ed47788ebaeebaa11ecdcc881c43e1d51f4551d5c8c16143636f4129bbe36822e849fcef3052d72586ca66958bd79f80f3bfb3ae83d49890d1f2cb95d7a39d6
SSDEEP

196608:6K4jrfNpXw1c9EKSuQjzKCK/f5pRfHmSrEW/3ueoh3hqfZa:ybNkcyKBcFK/tfHm6fDqhqM

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

nasori.ddnsfree.com:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack008/payload.exe	asyncrat

Asyncrat family
asyncrat

Files

asyncrat.zip
.zip

Password: infected
__MACOSX/asyncrat/._.DS_Store
__MACOSX/asyncrat/._308f16cf7000655a28f21e6d159ac68740d6c8437b2a83baaa563912a2bf7a19.zip
__MACOSX/asyncrat/._c6dda31fa6cb4ce140f62c9ce604672fa4a9ba5d1792f2d77f3cfcb43b3227ac.zip
__MACOSX/asyncrat/._cd2c63e16f4c1e79e7763c278146acae54dca752c25ad46d47167f69d70d714a.zip
__MACOSX/asyncrat/._e5b7fd44374ca6eeab6de255d2f3a379dbef68a8fad0fc3aa34b746172a22758.zip
asyncrat/.DS_Store
asyncrat/308f16cf7000655a28f21e6d159ac68740d6c8437b2a83baaa563912a2bf7a19.zip
.zip

Password: infected
70488131ff53f7f73f351f27f86a10ce.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
asyncrat/c6dda31fa6cb4ce140f62c9ce604672fa4a9ba5d1792f2d77f3cfcb43b3227ac.zip
.zip

Password: infected
RustExternal_nls.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
asyncrat/cd2c63e16f4c1e79e7763c278146acae54dca752c25ad46d47167f69d70d714a.zip
.zip

Password: infected
SecuriteInfo.com.Variant.MSILPerseus.238084.18099.17658.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

x5CDBdn
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
asyncrat/e5b7fd44374ca6eeab6de255d2f3a379dbef68a8fad0fc3aa34b746172a22758.zip
.zip

Password: infected
payload.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 84KB - Virtual size: 84KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 618KB - Virtual size: 618KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

x5CDBdn Size: 6.3MB - Virtual size: 6.3MB

.text Size: 8.4MB - Virtual size: 8.4MB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 57KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 618KB - Virtual size: 618KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 12B

x5CDBdn
Size: 6.3MB - Virtual size: 6.3MB

.text
Size: 8.4MB - Virtual size: 8.4MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B