asyncrat | nabeel is adasdas[.]exe

General

Target

nabeel is adasdas.exe
Size

63KB
MD5

e8010afcc76c30b577a0a79109de0bba
SHA1

ba2856437e41cd63ba8fb776d4d1f0cc7f2bdacb
SHA256

73beb5be671e2255a5ae60dae202001e047edb58c7ba1851cd68e63d0f0469c4
SHA512

b3f7e645beb730bd6ad2bad45f8ca50fcca54bed5a33dff32c2eb587b08a5e39e96302cf59db785cac4b85eaf58ab709c386d7683c43d909d07cb0c3859d6cb2
SSDEEP

1536:rBeLvAdswPuCn3eSderSGbbIwIrKAaGuDpqKmY7:rBeLvAdswTn3ew/GbbI5rKlgz

Score

10^/10

rat venom clients asyncrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

wasted9sss1-51443.portmap.host:51443

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
true
install_file
System32.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nabeel is adasdas.exe

Files

nabeel is adasdas.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 59KB - Virtual size: 58KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B