asyncrat | 1006[.]exe

General

Target

1006.exe
Size

225KB
MD5

883784a3500e2389e6e1816696dba87b
SHA1

f4364ff100c016d5cf78a3a4e3bedb287555f2ce
SHA256

0373eb783358fbf3b810fe1156efffd5847913c62db0e6c690e802300a5640ab
SHA512

f5d4d508dfeee159d339b9833d8128a6486b866639cd5dcba381b873188c3a6e643961477e723e38d100c3a5b47b0c83499e18504b1a6e5f5e68a73bf01e73f3
SSDEEP

3072:/+STW8djpN6izj8mZwgWDZ5IRN9MBQVahUbBEgDzazaLEV55NlmwXcFOC+UX6+WO:08XN6W8mmgqQMhUbOKEV55NlXkOI

Score

10^/10

rat default asyncrat stormkitty

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6154715708:AAHDKp_4g6Ye1lnxUlsJvFSuNl2Zm6A__-E/sendMessage?chat_id=1165040754

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1006.exe

Files

1006.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 223KB - Virtual size: 222KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 223KB - Virtual size: 222KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B