asyncrat | KaSr_uni[.]exe | Triage

Sharing

General

Target

KaSr_uni.exe
Size

63KB
MD5

40b8f3c578549c6844fec4ba13c71dfc
SHA1

ddf2e0a2c47bc4b2bc2405eb643ea3da117fc205
SHA256

9bc6f7078b4a80e7363336194ffccb04d646da487bb093775b3caefd224f7d87
SHA512

d15904201e1d4bc723c82eb40b7c90c3efdec073ed6f0a7dbae3590e55f098a15b8cabb6e902edc8398e8434d2c446ab8ddc11076c7fb0212ba23cbcd0f0d3a6
SSDEEP

1536:QhJ2nXvFHsHLhSNbfzYmdOpIYIbbTwEJn+G/tpqKmY7:OJ2nXvFHsHL+bbYutYIbbTBx12z

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.1.0

Botnet

Default

C2

31.192.236.139:3434

Mutex

KalaChowaMutex_alladin

Attributes

delay
1
install
true
install_file
WinService.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

KaSr_uni.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ