asyncrat | Malcat_v0[.]9[.]2_Win_&_Ubuntu (Malcat (0[.]9[.]2-2023) binary analysis software Windows & Ubuntu)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Malcat_v0.9.2_Win_&_Ubuntu (Malcat (0.9.2-2023) binary analysis software Windows & Ubuntu).zip
Size

104.1MB
MD5

b2f05e49e64afabebe2b350c2b6409aa
SHA1

b8c2aed95263fcccd590caa50526e9127a6d52f9
SHA256

e667ca84d761eb07f72f4cb423a3ab9e8b55e958288be848d385b27621195949
SHA512

c7243d1ab6b1ce3e2d91c775fce8d7e9b0cd7a1bbe87fe6cd35cff1ebf2dd3302467093898208e311eadac039d7f2f92049499b1c74a5c38c29fbedfb2949d32
SSDEEP

1572864:gb6Ca88xyH/NOeh8KivL0eN/uu7r69LpPp075sJbz2Dc48ykiB9jh94WBIy/+7QO:s6BFw/N9+bL79Gpm7cP2DDxP9NP8ZXpx

Score

10^/10

upx rat default asyncrat stormkitty

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5344934242:AAF3rLeFDCGd-IVKJG_PU99MSQjdKyNgeR0/sendMessage?chat_id=1619136628

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/Malcat_v0.9.1_Win_&_Ubuntu/cracker.exe	asyncrat

Asyncrat family
asyncrat

StormKitty payload 1 IoCs

resource	yara_rule
static1/unpack001/Malcat_v0.9.1_Win_&_Ubuntu/cracker.exe	family_stormkitty

Stormkitty family
stormkitty

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Malcat_v0.9.1_Win_&_Ubuntu/Malcat_Keygen.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Malcat_v0.9.1_Win_&_Ubuntu/Malcat_Keygen.exe
unpack002/out.upx
unpack001/Malcat_v0.9.1_Win_&_Ubuntu/cracker.exe

Files

Malcat_v0.9.2_Win_&_Ubuntu (Malcat (0.9.2-2023) binary analysis software Windows & Ubuntu).zip
.zip
Malcat_v0.9.1_Win_&_Ubuntu/Malcat_Keygen.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malcat_v0.9.1_Win_&_Ubuntu/anonymousdevilsec.txt
Malcat_v0.9.1_Win_&_Ubuntu/cracker.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malcat_v0.9.1_Win_&_Ubuntu/malcat_ubuntu22.zip
.zip
Malcat_v0.9.1_Win_&_Ubuntu/malcat_win64.zip
.zip

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 220KB

UPX1 Size: 12KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 684B

.rsrc Size: 194KB - Virtual size: 194KB

.reloc Size: 512B - Virtual size: 88B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 167KB - Virtual size: 167KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 220KB

UPX1
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 684B

.rsrc
Size: 194KB - Virtual size: 194KB

.reloc
Size: 512B - Virtual size: 88B

.text
Size: 167KB - Virtual size: 167KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B