asyncrat | Infected[.]exe | Triage

Sharing

General

Target

Infected.exe
Size

63KB
MD5

ae9a755bca8d36ec41049411733f1989
SHA1

a192ffa0457b4f88dfcea7f7cbd678e72a09be05
SHA256

dd881af5d3ead2db2cf1a335bd6293483fd1dde02ec11d5b6815b6dd5a2b827b
SHA512

dfa76f0a4fd4b6d0cbcc9ae13ef186e3c81afb40b30454022d60bb33305efe65833229a7d5e8a16e2d8006ff07cde69228c12b022c9c65944cfbd546d77cfff1
SSDEEP

768:l/X4YSjO4z+O78dAC8A+XO6azcBRL5JTk1+T4KSBGHmDbD/ph0oXgbbVSu9ydpqM:lwp+0tdSJYUbdh9gbou9ydpqKmY7

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

Mutex

ΔD吉4Ε弗0EsqתAD德R1贼اEΑl

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/qpB6hEFt

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Infected.exe

Files

Infected.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ