asyncrat | 78fe34aeb7f09d2ec138ad164f3db724[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78fe34aeb7f09d2ec138ad164f3db724.bin
Size

29KB
MD5

81c5dc769a5f24f2ddec55e83d3d41ed
SHA1

ff55144e82a3023ca49c604cd46848af8a14c93d
SHA256

293fbcd5f7d7198422db7b1663428d1d232889f96965a5c0d153d22aba2db762
SHA512

ad94e7f7897954f119c690c8134e66f827003ea88c8d0d698eccd2b4d2e549b2d9c0006693ffab96354cf02512b58f395738001409139ac353239b383b2e2d44
SSDEEP

768:Y6F5ofRVgn3txUOscwFnMjZ+/pgCa+UnGidvCLA1oKPlEKkf:bF2Vg3Plxwij0/pgqidvCLRCO

Score

10^/10

rat asyncrat

Malware Config

Extracted

Family

asyncrat

C2

43.139.124.22:6666

Mutex

火绒远程管理

Attributes

delay
1
install
false
install_file
qfftgh.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/61e9ed29484b8aaa84f3a4059e632ffd19b4d852c47e769394b6c2c2b9272b5b.exe	asyncrat

Asyncrat family
asyncrat

Files

78fe34aeb7f09d2ec138ad164f3db724.bin
.zip

Password: infected
61e9ed29484b8aaa84f3a4059e632ffd19b4d852c47e769394b6c2c2b9272b5b.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ