asyncrat | NEAS[.]e578edee38d5535e30caafd98378da30_JC[.]exe

General

Target

NEAS.e578edee38d5535e30caafd98378da30_JC.exe
Size

68KB
MD5

e578edee38d5535e30caafd98378da30
SHA1

f590979fd25cc770e2166e705498e9f5b6d0c9e5
SHA256

48d012b10bfe0357a6e9fddfd1c0c4ba43df7b311c3565cb5e859863d3ad58f5
SHA512

ddaff3286b9eb221d143a9df786903e7f77a127a4d51327a376a7184f44500a099375d4de0c1c140257d3b562628201b1469b456bd2479ac2558927afa692ec8
SSDEEP

1536:nBeLvAdswPuCnbeeiIVrGbbXw5DgGJGpqKmY7:nBeLvAdswTnCeXGbbXMlz

Score

10^/10

rat venom clients asyncrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

127.0.0.1:6666

127.0.0.1:22942

167.71.56.116:6666

167.71.56.116:22942

bold-bush-09147.pktriot.net:6666

bold-bush-09147.pktriot.net:22942

Mutex

Zero_Security

Attributes

delay
1
install
true
install_file
Sub0.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e578edee38d5535e30caafd98378da30_JC.exe

Files

NEAS.e578edee38d5535e30caafd98378da30_JC.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 12B