asyncrat | 2980-7-0x0000000001130000-0x000000000137A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2980-7-0x0000000001130000-0x000000000137A000-memory.dmp
Size

2.3MB
MD5

7df9e6c3ba388bb11ffcf0d718230c87
SHA1

3c69e83b7c2e09721e2dd03c5ac85569a40cdab8
SHA256

5c8323d192417ed6cddba730fe2aa5e4de8d583e47dd6f93811732b0b924026a
SHA512

0388818e7a3bc6ab92ad027e6489f5ecd4fb0a80d155f31f544712183ba3292e552862dc5e3169a3ef70a267daf502e2b2e0ac1c15b7d1bcf7c02192d46430a9
SSDEEP

24576:4fBtcKbmAfpW2eIIsgpeipCjT2Dr9RwjpFDXdWvZOcbbNj4N2fUuBk87cr5TfToI:4p+KbmAR7O3peyL8

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2980-7-0x0000000001130000-0x000000000137A000-memory.dmp

Files

2980-7-0x0000000001130000-0x000000000137A000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ