asyncrat | b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e[.]zip

General

Target

b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.zip
Size

8.8MB
MD5

61262de3304f237ce1db620981b5df02
SHA1

c85fd70faa8d4e927a6fdfd584a2ccfc657f44f4
SHA256

461fd63e7113ef8e6cfef0be9a3735a3be36a6d662e9d3aa5b44886da2eb56f7
SHA512

ad9c6f147d6ecac3c0118a7200e089c2e6e275ae1d6186fd49d587b04271aafc1c92d9e6ec6449086d513026e2908f4980060da459063fb65eeca255ab3f1d16
SSDEEP

196608:UvTd62cj9t/VnaA/l5MiWwUByNSmhnWRlFAq6HzFIlyX:UvTibVnrnMii7mt8/D6hIlyX

Score

10^/10

rat trojan asyncrat boratrat

Malware Config

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe	asyncrat

Asyncrat family
asyncrat

BoratRAT 1 IoCs

BoratRAT is an all-in-one malware toolkit that is capable of a variety of destructive activities, including acting as a ransomware, and performing credential theft.

trojan rat

resource	yara_rule
static1/unpack001/b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe	family_boratrat

Boratrat family
boratrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe

Files

b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.zip
.zip

Password: infected
b47c77d237243747a51dd02d836444ba067cf6cc4b8b3344e5cf791f5f41d20e.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

.text
Size: 20.3MB - Virtual size: 20.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 120KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 20.3MB - Virtual size: 20.3MB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 512B - Virtual size: 12B

.enigma1 Size: 120KB - Virtual size: 8KB

.enigma2 Size: 280KB - Virtual size: 280KB

.text
Size: 20.3MB - Virtual size: 20.3MB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 512B - Virtual size: 12B

.enigma1
Size: 120KB - Virtual size: 8KB

.enigma2
Size: 280KB - Virtual size: 280KB