asyncrat | tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

47KB
MD5

8700902b1550eae8224d51ba891e5397
SHA1

38b519d1cb350accd8d85bd61f9a5f12587895f1
SHA256

d027402e7783be2bdb5de4c8259512ac4b615b49fe9821b7f129e95fed4a680a
SHA512

109a7cc08308ed4ccf9dac6c514dd77e0046c547e71cae49d7220ecc39beed675f154b5a27d688324d4f8b94d5981e00b299eb0ed03b8b0661b4196c911221c3
SSDEEP

768:7ukJVT3ongoWU2zjimo2qrhGxC5UPIN0QbS90bS/dFw/iU6H4wuesMqVP0JBDZkx:7ukJVT3QR2sN0QbSabS/dFuiUE3VQkdm

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

aslavazgecme.duckdns.org:1000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ