asyncrat | e390b2bca53a5f3cccb7c9d88649be28[.]bin

General

Target

e390b2bca53a5f3cccb7c9d88649be28.bin
Size

23KB
MD5

7fac7b7b9824f197ddd7a859544aae7f
SHA1

6e6aeef2d526c1afd94b9ddc86a025d46f49159b
SHA256

87623be8ea7155f32f333a9a165f7fd5249a5d3b4be7c4fbf3293303b4698899
SHA512

f62aa42d0379cbdef287c5b88bfee88948e380cc4c75508b9cf506847c34a9a3c58287bf038ba7706eaff82d413a7e201f878bbd08ee658523e0a7384ada5b33
SSDEEP

384:X0kqhh9wHoAsU2WcXec+SuzPZri5rHv8hV5WIidcrscOkZgHMy3au+9UPon7vyqN:XQhh9wHoz3+SCdWUhHBicOkZWaHUArv

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:8858

127.0.0.1:8989

thwit.ddns.net:8848

thwit.ddns.net:8858

thwit.ddns.net:8989

Mutex

DcRatMutex_qwqdnachun

Attributes

delay
1
install
true
install_file
..\..\..\..\tmp\svchost.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/fa113db48017bf0f7f3d2d34afb8001a1451714986141b003657e799ef9e9324.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fa113db48017bf0f7f3d2d34afb8001a1451714986141b003657e799ef9e9324.exe

Files

e390b2bca53a5f3cccb7c9d88649be28.bin
.zip

Password: infected
fa113db48017bf0f7f3d2d34afb8001a1451714986141b003657e799ef9e9324.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B