asyncrat | 1124-55-0x0000000000AC0000-0x0000000000AE2000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1124-55-0x0000000000AC0000-0x0000000000AE2000-memory.dmp
Size

136KB
MD5

5508715f9c3b1ff94fb6f56eb5894180
SHA1

32d43900b0a0f2819c13c99bf697149e6fcf6a26
SHA256

bddf156661793fe7247629c3a3ed2b91c46c9e60a4d3b18a387951f009156d81
SHA512

9eeb813cec29852f32c49da6fa589086a460d23f04b7c8dc4ae87acef6f3b6009b64cebcd79d34cd845ca00f13c8c51cf5fd523bdad9fe3c6ed26be05e26ac5f
SSDEEP

1536:qs+c9Uxe+2x4RTrDRHRxp0WgnxOFEaw8sZclcYA4oH1vrMRbhc+6PI/oS8jjCLgv:h9Uc4RPDRGtxdcmfdVTMRbhcFIQU8

Score

10^/10

rat https://api.telegram.org/bot asyncrat

Malware Config

Extracted

Family

asyncrat

Version

WinBioPlugIns

Botnet

https://api.telegram.org/bot

Mutex

296534285534

Attributes

delay
20000
install
false
install_file
notepad.exe
install_folder
VisualElements
pastebin_config
https://www.youtube.com/

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

1124-55-0x0000000000AC0000-0x0000000000AE2000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ