asyncrat | 8F461AD2F56D31807CE169C29D0C6208E92250ECEE6C3[.]exe

General

Target

8F461AD2F56D31807CE169C29D0C6208E92250ECEE6C3.exe
Size

45KB
MD5

5a40a73a8b5a72bc3ad6da4e901b6633
SHA1

9e20a3adafae671ac6bef36be6c4dc7fb921a417
SHA256

8f461ad2f56d31807ce169c29d0c6208e92250ecee6c3646e0500caf702a2689
SHA512

0c5981ccc2a18593f8a4f89ff11bce41c3b22194355a685ea7f65648ffbb6aa8afdc713610bc35abde5e5f0e4c2ffb643425c5aa8054b8506d7c22cfb469e598
SSDEEP

768:buq49T944nD5WUxiVDmo2qrjKjGKG6PIyzjbFgX3iiXjPnweP1rFBDZrx:buq49T9xy2uKYDy3bCXSiXj/wePZLdrx

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

pibirat.ddns.net:6606

pibirat.ddns.net:7707

pibirat.ddns.net:8808

fhfgjghkgh.ddns.net:6606

fhfgjghkgh.ddns.net:7707

fhfgjghkgh.ddns.net:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
asc.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8F461AD2F56D31807CE169C29D0C6208E92250ECEE6C3.exe

Files

8F461AD2F56D31807CE169C29D0C6208E92250ECEE6C3.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B