asyncrat | file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

143KB
MD5

a28038e031eeff1996f7b0040ba40487
SHA1

fe80c042e5b20cd00f90cdcab9ff4479a49bcd5c
SHA256

e1c703f3c6da6029076e959d500aed7d9f104d258d22381eafc8fd8b9ebdae00
SHA512

5834ed9b5d66522b82885482cf45e58d4c2c44b2b42bdc12a4af141e8f5a54024f4cb723c0c1e94978d5031d64872937d5c88a01f9d371d9f8a9c67f6ed78908
SSDEEP

3072:G3YO5kKdXRRurjsL/Tuny9b34GZIKRWpgH3pf2z:qYOV+sTTgy9boLZ

Score

10^/10

rat asyncrat stormkitty

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.exe

Files

file.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ