asyncrat | ca76c9ec057fc8e8444efcb9ebedd10b[.]bin

General

Target

ca76c9ec057fc8e8444efcb9ebedd10b.bin
Size

23KB
MD5

83a6ce197bd4821b86d22ac176ce85f9
SHA1

bc3c91d2bb5cc758bcf47a8ab7034fe452b07dbd
SHA256

17bb92978d9f16007bf8b04d08f3c24c6b22bd3764d4857d5b30c10ad58e2702
SHA512

f402445dd2c1de79db1c5546e7408d0823ec9e566469a0e8b076a5591f0e6d46c3a07f44e7d1d2337367408d941f1277718683dbe9429907c82c0821659a956e
SSDEEP

384:Yy94/My83Xj1q9RgvzoBER464MZol/IyTKlzt48imj4ADyzlO587AKH9w/Nx:Yyu/MBHjM07I+4+ol/9TsttTpez5AKdI

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

newera2011.duckdns.org:3000

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/125dd7c60a92cde3cb69feff3100daff817bd1e7f69d027d94d245dc05abf9c6.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/125dd7c60a92cde3cb69feff3100daff817bd1e7f69d027d94d245dc05abf9c6.exe

Files

ca76c9ec057fc8e8444efcb9ebedd10b.bin
.zip

Password: infected
125dd7c60a92cde3cb69feff3100daff817bd1e7f69d027d94d245dc05abf9c6.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B