asyncrat | b7d4b9e9051e99ad6b53905d98e6a2f29eb7c25a012fa7fc1e6e546761a538ec_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b7d4b9e9051e99ad6b53905d98e6a2f29eb7c25a012fa7fc1e6e546761a538ec_JC.exe
Size

305KB
MD5

a824d5ae995e025f951d2a04792c7307
SHA1

d0e9c86d9875d0bb3bae347420d827bb739a8d56
SHA256

b7d4b9e9051e99ad6b53905d98e6a2f29eb7c25a012fa7fc1e6e546761a538ec
SHA512

765ab7457d7c7b84cd6ce881eab8f3a3b7485a9dce0dd7b94c13a0be0563e27bcc0af0d0f829cc94cefaf3ec1f810c39f2dfaaabe7d63783c80d08c330e57a8e
SSDEEP

6144:2TiVSIllyI/bi13ow+gidaC4akQT9rJGyUg7hdC81PQ0okbIx:2TiVPrJ/Vw+giIcjMnPx

Score

10^/10

rat asyncrat blackmoon

Malware Config

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat
Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7d4b9e9051e99ad6b53905d98e6a2f29eb7c25a012fa7fc1e6e546761a538ec_JC.exe

Files

b7d4b9e9051e99ad6b53905d98e6a2f29eb7c25a012fa7fc1e6e546761a538ec_JC.exe
.exe windows x86

8496a2b6c2c34c25fa1b98e929fd1485

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalSize
LocalFree
LocalAlloc
GetSystemInfo
lstrlenW
lstrcmpW
lstrcmpiW
RtlZeroMemory
VirtualAlloc
VirtualFree
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CopyFileA
ReadFile
GetFileSize
CreateFileA
WriteFile
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
LCMapStringA
MulDiv
GetCurrentThreadId
lstrcpynW
RtlMoveMemory
GetModuleHandleW
TerminateProcess
OpenProcess
Process32Next
CloseHandle
lstrlenA
Process32First
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
SetFilePointer
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetProcAddress
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
GetVersion
WideCharToMultiByte
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
CreateToolhelp32Snapshot
MultiByteToWideChar

user32

PeekMessageA
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMessageA
GetMenuStringW
TrackPopupMenu
SetForegroundWindow
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuW
GetMenuItemCount
DispatchMessageA
wsprintfA
MessageBoxA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
GetMenuItemInfoW
CheckMenuItem
AppendMenuW
DestroyMenu
LoadMenuW
CreatePopupMenu
CreateMenu
CharLowerW
CharUpperW
RegisterClassExW
LoadCursorW
LoadIconW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
DestroyIcon
EndPaint
FillRect
BeginPaint
DestroyWindow
SetClassLongW
ReleaseDC
GetDC
RemovePropW
GetPropW
SetPropW
MessageBoxW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
PostMessageW
SetWindowPos
MoveWindow
ScreenToClient
GetParent
UpdateWindow
ValidateRect
InvalidateRect
GetWindowRect
GetClientRect
GetFocus
SetFocus
GetClassNameW
GetDlgItem
GetWindowLongW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
SendMessageW
CreateWindowExW
UnhookWindowsHookEx
SetWindowLongW
SetCursor
DefMDIChildProcW
DefWindowProcW
GetAsyncKeyState
CallWindowProcW
IsWindow
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
GetMessageW
CheckMenuRadioItem

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconW
DragAcceptFiles
DragFinish
DragQueryFileW
StrStrW
StrCmpNIA
StrStrIW
StrRStrW
StrRStrIW

gdi32

DeleteObject
CreatePatternBrush
CreateSolidBrush
GetObjectW
CreateFontW
GetDeviceCaps
GetStockObject

shlwapi

StrTrimW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8496a2b6c2c34c25fa1b98e929fd1485

Headers

File Characteristics

Imports

kernel32

user32

shell32

gdi32

shlwapi

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 94KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 94KB