asyncrat | Gang[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Gang.zip
Size

19.0MB
MD5

42b5f3f01474fe143049d04a852e0318
SHA1

0e55a3772054382ddbd184efc59d367cae2d6c2d
SHA256

9a5be1e17ed8f6c384eca946eadedee3a6e67ba06d1af235100a7de7720eb4af
SHA512

b027cbcb229536b4823e0f7f8a0450fcbed067994735ee1c3830a309889aa5d6c640436ba05c20e8c3e8acabac161ceb04914de9954aafabc1464b041f88e43f
SSDEEP

393216:rtF9pi/1eyjr0g+NZDA2oOwpT4wLWHgezY+SzPpvDxCtNWXLLr:r9gH4BDA3T4wL0zrSzPp1SNKLr

Score

10^/10

rat asyncrat blackmoon nanocore njrat

Malware Config

Signatures

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
static1/unpack001/52867174362410d63215d78e708103ea.bin	asyncrat

Asyncrat family
asyncrat
Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/52867174362410d63215d78e708103ea.bin	family_blackmoon

Nanocore family
nanocore

Nirsoft 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/52867174362410d63215d78e708103ea.bin	Nirsoft

Njrat family
njrat

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

Processes:

resource	yara_rule
static1/unpack001/52867174362410d63215d78e708103ea.bin	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

Processes:

resource	yara_rule
static1/unpack001/52867174362410d63215d78e708103ea.bin	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/52867174362410d63215d78e708103ea.bin

Files

Gang.zip
.zip

Password: infected
52867174362410d63215d78e708103ea.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 22.5MB - Virtual size: 22.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 22.5MB - Virtual size: 22.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 22.5MB - Virtual size: 22.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B