asyncrat | bPzi[.]exe

General

Target

bPzi.exe
Size

47KB
MD5

4a508c2b7ecc58143b347ad184bf47cf
SHA1

5c5121725c037601de85a17c6fc5a9c5e63a73ae
SHA256

c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487
SHA512

737a0dcc4d2bf2e162176756fcdf80cb32fb20eb06d48ecd203bdab1eaf9bdf1c123cf7afb86781b8cff768879b4f1a83f224ea9da58840e3affbf87b4c3f12c
SSDEEP

768:0q+s3pUtDILNCCa+Di2G7AXPwxa/P14c9nP5i49Ybigentz1l2zoEOvEgK/JTZVS:0q+AGtQO2GUXoa/P/HGbF0Z1l2UEOnkI

Score

10^/10

rat pijao 4 sept asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

PIJAO 4 SEPT

C2

16agostok.duckdns.org:8004

Mutex

DcRatMutex_qwqdanchunfdsaf

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bPzi.exe

Files

bPzi.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B