asyncrat | e40435c6df1a16aad70fcb8582228bc3[.]bin

General

Target

e40435c6df1a16aad70fcb8582228bc3.bin
Size

30KB
MD5

c84c0bffdec62a9d3a21923a0dc22fd6
SHA1

88f99e079698484cc5468cbf170eadfd070e9d84
SHA256

cd5b2d3be275c706c0ae8567972f645f6ec95118c93524955b88183c1abfa753
SHA512

4a3cfc455fc09311a72153de9308a81e6f8b4fb05f9a312ae29e417c920368db9abd05cbe571dd9798f712b98a35ad255f3a75bbcafc74f90e46f836d5657b73
SSDEEP

768:lM/x7BjjsOiHLYlizAaUu5gtxKWXP/sd3f+GYAYT36xEi29wWjcx/:lMlBAOZUzAAgyWXMd3fIAY+nWjcJ

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Mutex

吾吾owlΒiH1XNبmש吉E迪yاqCX

Attributes

delay
1
install
true
install_file
GoogleChromeUpd.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/6148afd882ab17b41c7e5d92569d55426ef18bec0c45335529ca66c0ae19efdd.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6148afd882ab17b41c7e5d92569d55426ef18bec0c45335529ca66c0ae19efdd.exe

Files

e40435c6df1a16aad70fcb8582228bc3.bin
.zip

Password: infected
6148afd882ab17b41c7e5d92569d55426ef18bec0c45335529ca66c0ae19efdd.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B