asyncrat | f20d42f5c2db1feca1bcf573558f24734bd6972f69eeabd86939c821afc44939[.]zip

General

Target

f20d42f5c2db1feca1bcf573558f24734bd6972f69eeabd86939c821afc44939.zip
Size

30KB
MD5

2298327729359993e2c9cea9bee6d3f4
SHA1

6da11a648caea9e3731e57bde3a4668db88ae7f1
SHA256

601a8d0a0ace4c7b565cc2c655ea5ab491e0e381596128f6a26bde78ad470948
SHA512

0c2e021a9d8f2adeea4577b6016d8eeb867d96363ef97e4c55175db38e0db855d210c6f4c98de00b08ac57985528e4d2151dcf77d18aeb14266fd05e3a2eedd2
SSDEEP

384:CeKqsS9MrVB811v1chTYDx+hBn9n2EnHDB75OB9k58fGzeJWUc8f+MTumb0:CepsprVcfnF+MuDBYff6eJr+MTumY

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:33901

spring-consultation.at.ply.gg:8848

spring-consultation.at.ply.gg:33901

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/f20d42f5c2db1feca1bcf573558f24734bd6972f69eeabd86939c821afc44939.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f20d42f5c2db1feca1bcf573558f24734bd6972f69eeabd86939c821afc44939.exe

Files

f20d42f5c2db1feca1bcf573558f24734bd6972f69eeabd86939c821afc44939.zip
.zip

Password: infected
f20d42f5c2db1feca1bcf573558f24734bd6972f69eeabd86939c821afc44939.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B