asyncrat | tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

65KB
MD5

a2e1491d43adc649ff8713dc1340164f
SHA1

18b2357507af4420d1fbb1ae0396c2353b50b63b
SHA256

5803808e63be769a05852f4c79a1faff87b10187d30a4746f04707610878adf5
SHA512

ba775d9db8e83e598aacdf6ab0925a638a332402a0ea037f6941f11f17c0149b0431ed7fa8c375c7ff09d0e71de9c4115ce9846636bd208beac12b02e7e16f0b
SSDEEP

1536:KZn6AVsIQzn/BNZT4CP9uTgh5wxo1LKnCwuf5bbsIxRJCVS+asVNpqKmY7:KZn1Qz/D4Wf5bbsIxKVWz

Score

10^/10

rat venom clients asyncrat

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT_HVNC 5.0.4

Botnet

Venom Clients

C2

66.168.88.41:4444

Mutex

yduzlxntkltb

Attributes

delay
0
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ