asyncrat | 1d14f96d14799b7bbb0e2eca5f9455af[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d14f96d14799b7bbb0e2eca5f9455af.exe
Size

842KB
MD5

1d14f96d14799b7bbb0e2eca5f9455af
SHA1

90f7e5850e49eb3b228fc8034ebc315bc0362c75
SHA256

14b9907b487aa658faa3442edb4a65f72d47b88d94867172d6b97bdc281033fd
SHA512

8decb77e6191f3e867d26a1675f4cd9612151d85e078dd8b32b6904e6211b9994443cbffe12dbdfe1de7de72b736e3a272d28dd8d426d0ea1c9df036c7d95d8b
SSDEEP

24576:o0lgigeydVoNaXtdE2FOYHCqPkGgpXftxkz:dlSvsa9L7xl

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d14f96d14799b7bbb0e2eca5f9455af.exe

Files

1d14f96d14799b7bbb0e2eca5f9455af.exe
.exe windows x86

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 751KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ