asyncrat | 3904-149-0x0000000000400000-0x0000000000416000-memory[.]dmp

General

Target

3904-149-0x0000000000400000-0x0000000000416000-memory.dmp
Size

88KB
MD5

9f1bb7b3211035df1ff49db0a10f3333
SHA1

1de8258761d7f17093490994864e8cc3489e03c0
SHA256

eccfc1c1a737842ccce0d33877862277807ffb4e928edb06658e4ce536f0ab93
SHA512

bdee7a7b72c49d5f5566948b506dfca277987168b0cadcaba700b95b6c648cdd37d2b37611b18d95027ba7582c6bce7c3a16c053a8dc588f8b424da7fb641988
SSDEEP

1536:v21JpMrMCEy7OVRykX2z37DtN5EsfnN9heJJgbRDfu31BsbYCEISLWbx:v2jpMrMCEUEsfnNuTgbRD1YCEtAx

Score

10^/10

rat julho-2023 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

JULHO-2023

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:3313

127.0.0.1:3314

127.0.0.1:3315

127.0.0.1:9441

127.0.0.1:9442

127.0.0.1:9443

127.0.0.1:2900

127.0.0.1:5505

127.0.0.1:8888

127.0.0.1:9999

127.0.0.1:6666

127.0.0.1:5155

127.0.0.1:5122

cdt2023.ddns.net:6606

cdt2023.ddns.net:7707

cdt2023.ddns.net:8808

cdt2023.ddns.net:3313

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
ArionUpdate.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3904-149-0x0000000000400000-0x0000000000416000-memory.dmp

Files

3904-149-0x0000000000400000-0x0000000000416000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 62KB - Virtual size: 62KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 62KB - Virtual size: 62KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B