asyncrat | javaw[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

javaw.exe
Size

63KB
MD5

772dbc4643d6ea936549ff03b877d71a
SHA1

5a51847c78ed79cfd8e447f8dc5c36981014c523
SHA256

7eb67e2bae7a8330b56064529b460a449cea5976d3483e7e971f017db1c43879
SHA512

324a17231b7937b2635a47017abce8e3c915d137b75e19f2a9197dfc1297f18978c25a7b4f00cec78cc3800a1b6b207ec8dc7416f03e0f50773a381c092c9918
SSDEEP

1536:m5UdjvpYcRVSQxZFeeiIVrGbbXw7lq2vaHGj1pqKmY7:m5UdjvpYcRVJZ4eXGbbXF2JOz

Score

10^/10

rat java asyncrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Java

C2

northem.ddns.net:5553

Mutex

Java

Attributes

delay
1
install
true
install_file
Javaw.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

javaw.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ