asyncrat | b0f2b902c66d71756f785eb099001989[.]bin

General

Target

b0f2b902c66d71756f785eb099001989.bin
Size

38KB
MD5

83abe6a96e67dc67701dbbdf7b7f58bf
SHA1

2d5057e0eead6240ca3d8ffab5de72e6a8a35244
SHA256

55775a612c5e28cdcf01e1eeb56a3c82200f5435416ddfdee9b88cbdf691ba9d
SHA512

bf79e18d35af56a4e081a9ce0210aaf2fe51d3a46617b2c236beb4fff861cda3b139953335708a71e25102edf7084831c64b18338bbce99272ebefb0764fb90a
SSDEEP

768:XS6V1Y70UxY/TpmKjSjiM50GBK6LTa9ARCigo3e9iH:XjYLi/xjpMfBK6LTyaLH

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

nationalteams11.publicvm.com:7719

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
python2.09.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/a9b516990db5fb757d5745cbca218fb6996562af0454dc3820403890d77abcb6.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a9b516990db5fb757d5745cbca218fb6996562af0454dc3820403890d77abcb6.exe

Files

b0f2b902c66d71756f785eb099001989.bin
.zip

Password: infected
a9b516990db5fb757d5745cbca218fb6996562af0454dc3820403890d77abcb6.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 60KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B