asyncrat | bromin[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bromin.exe
Size

328KB
MD5

8aecbae9b91587ab855dd79c0dffb91f
SHA1

29e2f9a25eecde296c66eafab4053e8c65b0f8f9
SHA256

e4d2a9b4536366fff4e401760ef62fad117146335f210bb7506bef273eaea71a
SHA512

faa299559facfdbb0bd17ad4e42eb963edb11dcab03240a16cefd9cd330ddf8e540afba6b3f20e5166343e6e3471ae68b8e53e0567cc4ee5f251e77602a6ebad
SSDEEP

1536:yq5UL6G/fYUbq69rh2VhP4u8ZxkaICkGb3XxLQpqKmY7:yf2EYUbqM85RVGbJLz

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

Mutex

Ιw7比尺VW0n3比弗jDoΒBqtd

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%Temp%
pastebin_config
https://pastebin.com/raw/aZGHrq0c

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bromin.exe

Files

bromin.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ