asyncrat | 9345D562F0D76585FF120CFFB66D4798BBC828F4ED915[.]exe

General

Target

9345D562F0D76585FF120CFFB66D4798BBC828F4ED915.exe
Size

47KB
MD5

b25177d94eb0b6b5c575ae36be7b75ed
SHA1

8590f116464550fbb32490fc183220ae395699fb
SHA256

9345d562f0d76585ff120cffb66d4798bbc828f4ed9156bb79f283cfc0bc7da7
SHA512

af90f0f36678bc030b1f4901a15d302725bd9a7be1441a5e68736cfcef83050c77822df88389de77e8abf3fe05ba4734fb5d5bacae6f9192177e08942cc96bf8
SSDEEP

768:7u6XdTvER+SWUkzP4mo2qb0wAJcVrPIMYVPINBk0b0nSk/Tlmghgej4qMJwBDZkx:7u6XdTv2V2lwSceMYVwXHb0h/xmWaOdm

Score

10^/10

rat via asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

VIA

C2

64.56.68.152:8888

Mutex

VIA

Attributes

delay
3
install
true
install_file
VIA .exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9345D562F0D76585FF120CFFB66D4798BBC828F4ED915.exe

Files

9345D562F0D76585FF120CFFB66D4798BBC828F4ED915.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B