asyncrat | serv[.]exe[.]danger

General

Target

serv.exe.danger
Size

50KB
MD5

1c9f2b52fbd2ae557c35f4df86494ec5
SHA1

f90cec29a55516404205fc63a0e4d4dcd4f2fd5c
SHA256

8140f6c83084700a677d4ccf7e10eaf9f8036f95edd99e9b2aad86e614b13fe2
SHA512

57c90cdd51b3100d6d1d9d58847108dc4e2089ad0070e57c6e4daebdeac4a9835c6b11ceeb05e20c9d327d031ee7e7c479076c26204fd2e3176d51fa6463be58
SSDEEP

1536:x83JHetePG1hcB2Ubp6s3opVht0TSMt9Ex:x83J+tePG1hcB2Ubp60AcSM8x

Score

10^/10

rat ****g0lp3***asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

****G0LP3***

C2

chromedata.accesscam.org:7707

chromedata.accesscam.org:4404

chromedata.accesscam.org:5505

chromedata.accesscam.org:3303

chromedata.accesscam.org:2222

chromedata.accesscam.org:6606

chromedata.accesscam.org:8808

chromedata.accesscam.org:5155

chromedata.accesscam.org:5122

chromedata.accesscam.org:8001

chromedata.accesscam.org:9000

chromedata.accesscam.org:9999

chromedata.accesscam.org:8888

cdt.3utilities.com:7707

cdt.3utilities.com:4404

cdt.3utilities.com:5505

cdt.3utilities.com:3303

cdt.3utilities.com:2222

cdt.3utilities.com:6606

cdt.3utilities.com:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
DesbravadorUpdata.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
serv.exe.danger

Files

serv.exe.danger
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 47KB - Virtual size: 47KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B