asyncrat | 1260-58-0x0000000000950000-0x0000000000966000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1260-58-0x0000000000950000-0x0000000000966000-memory.dmp
Size

88KB
MD5

0a54497159d6c3793bff2d276de1973e
SHA1

77d3d613cc9649c26c77869a503a2ed693a51ad8
SHA256

a32f393c9d925692c12522967ee29b69c87e1f8e445de218ff2554810b4330c4
SHA512

9d98324610509eb9db5eaaeb201d2b0ca170e63ac83ef07da39479106801e581607d2f7ea1a5df9e3f29003bd40db26148fd289038415875c9b3d27c74d82c8c
SSDEEP

768:/3qCMyc0l8ARaWS1gnKx36ZBZw5X5vocpOdkSHYrn2SCnHmBb41pp8U1oknCfcGi:/3q3N0l8/myRocgH2L+6be8OCAISsZI

Score

10^/10

rat asyncrat

Malware Config

Extracted

Family

asyncrat

C2

192.168.10.78:1234

Mutex

火绒远程管理

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

1260-58-0x0000000000950000-0x0000000000966000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ