Behavioral task
behavioral1
Sample
NEAS.0ff4ee90b781b9f295724ef48a10de70_JC.exe
Resource
win7-20230831-en
General
-
Target
NEAS.0ff4ee90b781b9f295724ef48a10de70_JC.exe
-
Size
160KB
-
MD5
0ff4ee90b781b9f295724ef48a10de70
-
SHA1
77a57b29f1aab01ffe89d7ab9778035a393456e8
-
SHA256
49281ec5f3bdbbe86268bddcdd59909573420a7d751639d9d10d66a48f3d5d4c
-
SHA512
f29f8cd0ad8e27f579d0c787b84dfdcfab2e33601cb8f79469af1be3ec680e5c0a0e565dd47f3ce89b9b549885aebff3bd517155355bef2a731e5738e9e7ba78
-
SSDEEP
3072:3rRIjYn+gbwtRJR6agMAZtxEYqGBoNcvyal5bx/jz1t5PWY:VdChB3AZtWOo5a3bNz1t4
Malware Config
Signatures
-
Async RAT payload 1 IoCs
resource yara_rule sample asyncrat -
Asyncrat family
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.0ff4ee90b781b9f295724ef48a10de70_JC.exe
Files
-
NEAS.0ff4ee90b781b9f295724ef48a10de70_JC.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ