asyncrat | SEx[.]exe

General

Target

SEx.exe
Size

63KB
MD5

3ad3df2a2855599603ef72cddba7621d
SHA1

2cdfbf36623d37baab382995035094d2f40d1c31
SHA256

0c3e39231c15cc95f0c39ce9376d6ae58107f84f4a0f92ee8e3662eac4d5b457
SHA512

c9cdada95aaccf42e13ca8fa2fb4fe7ba3a1c0039630883c4e958fbc9df488d552bc68353f97e568c587ba761f62a9f0d8a0b424286e306bf5c9ee0004e6301c
SSDEEP

1536:AhIBLTM3Ufc0cMd7e5Q5Os4GbbUwBsFGGDpqKmY7:AhIBLTM3Ufc6da5QqGbbUgsRgz

Score

10^/10

rat venom clients asyncrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:4449

127.0.0.1:80

181.162.213.36:4449

181.162.213.36:80

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

SEx.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B