asyncrat | 84aa3de45d2e7acd5eac4c4ee0a7ab3a[.]bin

General

Target

84aa3de45d2e7acd5eac4c4ee0a7ab3a.bin
Size

23KB
MD5

fb2ae6b6b01667fb88be7845bfc345a2
SHA1

c0842bbf8b1141e2014079650cf81a27991d24d9
SHA256

dde3ec121a89ab1455af4aa26c17f488a50d97e63cc9f005aa347432d7811a51
SHA512

792db05e541a75755e1ebbfe76130bb5e22f3c9d46cd9a4aa8089bd748438f77538f1b5a30bc06f0bc4e75c26fdd89a9eec05aa0fec78d9a22939dfa8a8cb2e5
SSDEEP

384:zSWo7DTySYxpJO84b1/ek7Psnf1QaSAFwdbHpKJmtp5qG7pV410gXw2XPCN/gDOf:zPo7DKOpheWknfH1wZpKJmXx7DGX6Bgy

Score

10^/10

rat revery asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Revery

C2

window10.duckdns.org:2016

Mutex

5&TY#W63vyttytyyybaefgaefDDEWQ

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/329bb4673ee77f46d37a9fd5bd6a2f1ad9c31d7d4f0b724aba6d5b9947f1a3c5.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/329bb4673ee77f46d37a9fd5bd6a2f1ad9c31d7d4f0b724aba6d5b9947f1a3c5.exe

Files

84aa3de45d2e7acd5eac4c4ee0a7ab3a.bin
.zip

Password: infected
329bb4673ee77f46d37a9fd5bd6a2f1ad9c31d7d4f0b724aba6d5b9947f1a3c5.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B