asyncrat | f9391638fc3c6dec9b7319d1c8adeebb[.]bin

General

Target

f9391638fc3c6dec9b7319d1c8adeebb.bin
Size

32KB
MD5

50a4d285c129510011901a28aa5fdae5
SHA1

c005f0b0ef2ac1bf4c0f801c82fbb75b90f52bc2
SHA256

6c7db1f501467fa6f655664eab732b8164d754af005c65440abab701653bca33
SHA512

d7ca7464bde8498c20426771386d5504cf294a128149a301ec0ecaefc57e2165340b670ecb7b60a6a415d832635713354017d9c9f0c35bd89c0f7cbbbd7d9471
SSDEEP

768:2Ej1LPCrKzCRci4loLvtftZU7gZCOxW88oSXRvQ0PhnDEUs/0egC6zmX:XjVPPC+xoZftZbZHxWMSD1Dbs/0egFmX

Score

10^/10

rat venom clients asyncrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

138.197.66.62:22256

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
true
install_file
Match-Ventures.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/1a9ad5f2a8a4cc93a5244200d46288948daec3ae9387d5fc66799d52d77a587c.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1a9ad5f2a8a4cc93a5244200d46288948daec3ae9387d5fc66799d52d77a587c.exe

Files

f9391638fc3c6dec9b7319d1c8adeebb.bin
.zip

Password: infected
1a9ad5f2a8a4cc93a5244200d46288948daec3ae9387d5fc66799d52d77a587c.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 12B