General

  • Target

    6088-588-0x0000000000D90000-0x0000000000DA6000-memory.dmp

  • Size

    88KB

  • MD5

    effd1a71addc16837223bd00c408e707

  • SHA1

    3c6012852b1d065f8be8b926f26f71331e44fdbd

  • SHA256

    d6dc8ccb2e97e8295e0ed8e7d95476b92658eb66931419552ffc96909bbae613

  • SHA512

    f15a29c01e5586bbb4910279f7f8c3c6961658acf342650cd1ad73ef2c505b9461e2806f7251b7b38be6b8205463e7f6e291d6bca60f5e09ac547b61f62d720d

  • SSDEEP

    1536:/W2FoaIkEZMqC3qkrfF6JoocXmoE83U6aEw5o3D6Lmbbi8SzSN5A/w8rgTR5x:e2FoaIkJE83U6aEGoTTbbpoxefx

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

JAMESRAT ���� JAMES RAT

Botnet

Default

C2

474ba67bdb289c6263b36dfd8.xyz:8788

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_file

    dd.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 6088-588-0x0000000000D90000-0x0000000000DA6000-memory.dmp
    .exe windows:4 windows x86

