asyncrat | 3dfx[.]exe | Triage

Resubmissions

06-11-2023 06:37

231106-hdy2tahe5x 10

06-11-2023 06:28

231106-g8gwcahe4t 10

06-11-2023 06:12

231106-gylfsaba53 10

06-11-2023 06:03

231106-gr57lsba35 10

06-11-2023 05:55

231106-gmetvsah93 10

Sharing

General

Target

3dfx.exe
Size

47KB
MD5

4d7424a4bba97692e59b3b203066860f
SHA1

08013fe3706ef2df075757640e99d0e697f820ba
SHA256

e8cfa912e022bed8fcf57d3a03a3f5a1780b5cd547b7c190029d7b082632215a
SHA512

99c90b108fbebb076e52fcfae84a489c4870e2978966bc89b485aced26f71c9c1cb3a99356531b2229c79449bfab94dbc53fc7553db5003d58c5ea0cc57ce242
SSDEEP

768:2ugPNTjgkH7F7WUHw9pmo2q79UEOFY+ZlPI4yOlSTmP0bVpFn8O1U6VaegmSvbni:2ugPNTcI42dEQYD4yO8TmMbVpJ8V6Vam

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

87.121.52.241:2000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
3dfx.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dfx.exe

Files

3dfx.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ