asyncrat | a3d9894472bd78a131865fa6e9c4159e[.]bin

General

Target

a3d9894472bd78a131865fa6e9c4159e.bin
Size

23KB
MD5

5ba6c1142464ddce27bcfcb66e3c443a
SHA1

492cd0a703b085d490195e86ecc5fb87e928460d
SHA256

6cdca375441ca8688987dd17a3a2efd11c8b3819b03708bd4663068d4227d786
SHA512

e2c7beee11ceb5cbedad4d4aa69e14f72372d877afd1bd8bcd262e3df87bf1f33a7d86728e59ed8324b236ba7818e164791af9aaee7d56e1a72e6c1cca79c837
SSDEEP

384:aVrpsQzmuYz7+k0LrRCx2lqJyyrJ/BWmiggGOOWnRaZQqdsLXUqaRUZNHbgZHd:aVrpsQU+kxmqXNixOVQR2RU/7gZ9

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

64.235.61.43:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/a42171a6f32370b23364b70b7340474aa12e4b6e89d588b324d1c3b9ff8b2e1a.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a42171a6f32370b23364b70b7340474aa12e4b6e89d588b324d1c3b9ff8b2e1a.exe

Files

a3d9894472bd78a131865fa6e9c4159e.bin
.zip

Password: infected
a42171a6f32370b23364b70b7340474aa12e4b6e89d588b324d1c3b9ff8b2e1a.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B