asyncrat | dea7def17c0c3922477acb38a8ec87ad[.]bin

General

Target

dea7def17c0c3922477acb38a8ec87ad.bin
Size

23KB
MD5

552c143d3119cc3185986497bb303195
SHA1

7ccf7820101c932a6a249b5437e04919aab7bebb
SHA256

f3e1c5bd972ffa5d60af52248641beeee886347f2e4927f6742073a1f3a35e74
SHA512

016675c7af61a319a82212fd4a1ec3929571ef1cfa4bf6846df79a774b0c566a688863b202ea93c9b8e27421f54e09a5253202bf6a932db44079ecb14f68868a
SSDEEP

384:dtAcqa6VjH3hqOC2IB/pOL1Dx9nCFA58P/0xirZ2KJqkv8gVbvtuuqIVYGnuAC51:gna6xXhbIB/pGxorH71fQkv8gJjqcuN1

Score

10^/10

rat 18septiembre asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

18Septiembre

C2

actualizaciondedatosgrupoaval.net:1011

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc.exe

Files

dea7def17c0c3922477acb38a8ec87ad.bin
.zip

Password: infected
1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B