asyncrat | shadow[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

shadow.exe
Size

74KB
MD5

cc44a2c0c6c448fdbf4dd4a9aef9e93c
SHA1

a4ceca015222baca78ab8541c259b16fe48c741e
SHA256

43e27c1f010f67ff8fc0a037693bbadbd7f78e9cbfaea03473dae9d167b573a4
SHA512

e40ebb8fddaed640c683bdc1734c573bfd131ca9c19cd4fe5567bf859d6fcdee82b606b0dd52624258dcc32dc17c4aeeb5216c34769e97cd4cf0461a577cc652
SSDEEP

1536:+U12cxaSOCHbPMVimBzOIb6MIWH1bW/EldQzc9LVclN:+UIcxabcbPMVimBzOIbrH1bWMQ8BY

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Venom Pwn3rzs' Edtition v6.0.1

Botnet

Default

C2

209.25.141.180:4449

209.25.141.180:7878

209.25.141.180:28818

Mutex

pozfvnbosf

Attributes

delay
1
install
true
install_file
service.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

shadow.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ