asyncrat | NEAS[.]2829371bb0133bd7580b28a8a2d4457702e93bd7008cb079349663d9ca022986exe_JC[.]exe

General

Target

NEAS.2829371bb0133bd7580b28a8a2d4457702e93bd7008cb079349663d9ca022986exe_JC.exe
Size

47KB
MD5

98d26b8d979aa4bd5496287bcc45fbeb
SHA1

16a3cef97347f1a19c80f2198e9fbab87054ae19
SHA256

2829371bb0133bd7580b28a8a2d4457702e93bd7008cb079349663d9ca022986
SHA512

c7d11bd41091f3ecec136382a9e660db7b2897c8ccb7b69c2a3fc34c606a235fcbf0aa7044f70cb3b0ccb185510383bc5c88afee10b35d00e8f4f421b99a71a3
SSDEEP

768:0q+s3pUtDILNCCa+Di2G7AXPwxa/P14c9nP5i4vYbkgeQW8pj1zGovEgK/JTZVcD:0q+AGtQO2GUXoa/P/HwbrfWc6onkJTZI

Score

10^/10

rat pijao 6 sept asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

PIJAO 6 SEPT

C2

16agostok.duckdns.org:8004

Mutex

DcRatMutex_qwqdanchunfdsaf

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2829371bb0133bd7580b28a8a2d4457702e93bd7008cb079349663d9ca022986exe_JC.exe

Files

NEAS.2829371bb0133bd7580b28a8a2d4457702e93bd7008cb079349663d9ca022986exe_JC.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B