asyncrat | 3724-183-0x0000000000400000-0x0000000000412000-memory[.]dmp

General

Target

3724-183-0x0000000000400000-0x0000000000412000-memory.dmp
Size

72KB
MD5

ace300904a25074bbe958c4e6fc443c6
SHA1

ef6cc710010ab50a5f9165ba84d64951adf7480a
SHA256

e7561bdaee6951e1d9531042a2c4eba7eb57559e4ce465a3627880193e9dd409
SHA512

a956ba59c836a4a2cc02900d8e0d7b6b8274ba50db4eb1622abaf4b92e165acfcb638ce290c26bf8ca33cb069f84aec6d422be26515d2ed152c9ab82aec3df29
SSDEEP

1536:Pug4NTRQDF2X1pZXi3b5Q9QT8BsjxMd3x:PugUTRQDF2lLXi3b5xIm1MVx

Score

10^/10

rat iokn asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Iokn

C2

grotomnipobell.zapto.org:1515

grotomnipobell.zapto.org:1717

zockrellemile.sytes.net:1515

zockrellemile.sytes.net:1717

Mutex

AsyncMutex_6SI8OkPnV

Attributes

delay
3
install
true
install_file
nsri.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3724-183-0x0000000000400000-0x0000000000412000-memory.dmp

Files

3724-183-0x0000000000400000-0x0000000000412000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B