asyncrat | e81f079235a75b064ea503d86251f9f2[.]bin

General

Target

e81f079235a75b064ea503d86251f9f2.bin
Size

29KB
MD5

2546eb96f7fa8f0502c7e1a1f0b84cd8
SHA1

dd051dd4a09ee3dc28a943e83da8591e0d8ad65f
SHA256

4509eede4edbf2e3370c033b8fa68594a48433de451a935602e927963471877c
SHA512

416e00e4429f7c89bc1c18d116af7721ec99636362d1b57b90b126e0b477d271e865fc9b161a36b991f5f3a63005d4a4a8df1cb7c53c5234bbcb9d7369082e91
SSDEEP

768:0ZDeBEmFf1kqsmGDmHUvagopWSlXbaVa4QWebGcq:W+EmFfJzvWSlXmyx5q

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

false

Botnet

Default

Mutex

test

Attributes

delay
3
install
false
install_file
Apple-iTunes.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/db84db8c5d76f6001d5503e8e4b16cdd3446d5535c45bbb0fca76cfec40f37cc.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/db84db8c5d76f6001d5503e8e4b16cdd3446d5535c45bbb0fca76cfec40f37cc.exe

Files

e81f079235a75b064ea503d86251f9f2.bin
.zip

Password: infected
db84db8c5d76f6001d5503e8e4b16cdd3446d5535c45bbb0fca76cfec40f37cc.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B