asyncrat | Client[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client.exe
Size

48KB
MD5

27a92706597ced200283c23f4c72c69a
SHA1

e040815890255bdd016476701a1bf80b396d96b3
SHA256

2068148d7a2de3b1de148ee7e761030d2c0f8851006b83b1eb785347b26ca9fe
SHA512

861f250b327159d23927c81e5ca3c1ef67b40e49af0fa7bfb2b2317bb5bac76da335359a1b19f43fa4df0cfe4cc0989dbfdd1405f0cd2a6da8eb87d9c859d017
SSDEEP

768:YeNIr/GoWvj1jGXc5dhcpMACI1hEO0byFgLunhlxmVH0CFiSl2lUfEYDDGR2tYch:Y8GdM88hbyumhp2illUPDGRKmVcl

Score

10^/10

rat asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6B

Mutex

wkrewrabzccdzqknvcq

Attributes

delay
5
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/aEid41SM

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ