asyncrat | bPbj[.]exe

General

Target

bPbj.exe
Size

55KB
MD5

ed5fffedbd9f4d1992eb4b0f4946adc1
SHA1

368ca02c6ceab1064a0950cb412a33032910fc87
SHA256

5a9ec62bfda4c828f3f5a2af58432a51282c0a9b88a6129a66d5f129e82ea265
SHA512

ba5f9dc7410b77a056478b92ebddf71198810a93df38520fcc97c65f63583f83d4037e5d1a7e05ccfac18f0f165aee47fe1a1f2cb46b695226e226e28101b6ab
SSDEEP

768:/u/6ZTgoiziWUUM9rmo2qrLwqRKkPISzjbFgX3i7DDb8z2CaFOnHCJmEYQ9BDZwr:/u/6ZTgle2jS3bCXS7Tr5AWznTdwr

Score

10^/10

rat kangal08 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

KANGAL08

C2

4Mekey.myftp.biz:6606

4Mekey.myftp.biz:7707

4Mekey.myftp.biz:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bPbj.exe

Files

bPbj.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B