asyncrat | 7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC[.]exe

General

Target

7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC.exe
Size

48KB
MD5

39fb8a8a40c829ac3a4fd5cd6ea473b7
SHA1

5930195043f8a59566d778d15acb31d3c3e5c3a8
SHA256

7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4
SHA512

e6d3074a3f2c8d474818d1611d36990b4ab9467f5ffe983ef7572414870c2802e2f353aa02579044c7b51e482bac23424bed9767b8fbb0c41ed16dd328b2beaa
SSDEEP

1536:euWk5T1gi29npmgpzmyb+M/oLnOA5UtGhdIR:euWET1gi29pmgpzmyb+/Ld6tI+R

Score

10^/10

rat rust asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Rust

C2

extra-hack.ddns.net:2550

extra-hack.ddns.net:2551

extra-hack.ddns.net:2552

extra-hack.ddns.net:2553

extra-hack.ddns.net:2554

extra-hack.ddns.net:2555

extra-hack.ddns.net:2556

extra-hack.ddns.net:2557

extra-hack.ddns.net:2558

extra-hack.ddns.net:2559

extra-hack.ddns.net:2560

extra-hack.ddns.net:2561

extra-hack.ddns.net:2562

extra-hack.ddns.net:2563

extra-hack.ddns.net:2564

extra-hack.ddns.net:2565

extra-hack.ddns.net:2566

extra-hack.ddns.net:2567

extra-hack.ddns.net:2568

extra-hack.ddns.net:2569

Mutex

j4hy8gsf6w53x4

Attributes

delay
3
install
true
install_file
Realtek HD Audio Universal Service.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC.exe

Files

7e1974ea77e2416b2ac75656d1e24da59de0af97815a9e337e4a7cc58f6339a4_JC.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 45KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B