asyncrat | 1576-135-0x0000000000400000-0x0000000000412000-memory[.]dmp

General

Target

1576-135-0x0000000000400000-0x0000000000412000-memory.dmp
Size

72KB
MD5

401e6e28b1bb61d651e9f7910de8716a
SHA1

af22b885fdc489b8dcaf07c2f27766e665d9dc14
SHA256

ce7360e24ef252be4d6cde12541628a0c74ea6b503a416f6733ce3ae86b0b624
SHA512

f1a5ae3dfd2d287b57e1cb8e75b865c1a328e1887634c6624c6bfac577681b4c48c6fa77f36d40cd14e09a66ee6d906005b2984eec9b95f1f3e55107a942f76b
SSDEEP

1536:Pug4NTRQDF2Oog8Xb3bBX5misJ+Gwid3x:PugUTRQDF2jFXb3bBkispwiVx

Score

10^/10

rat dxgroup asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DxGroup

C2

flurrybeatmecamtest.ddns.net:6767

flurrybeatmecamtest.ddns.net:4141

flurrybeatmecamtest.sytes.net:6767

flurrybeatmecamtest.sytes.net:4141

Mutex

AsyncMutex_6SI8OkRtG

Attributes

delay
4
install
true
install_file
mrec.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1576-135-0x0000000000400000-0x0000000000412000-memory.dmp

Files

1576-135-0x0000000000400000-0x0000000000412000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B