asyncrat | TEST[.]exe

General

Target

TEST.exe
Size

45KB
MD5

41755e5be8d1c52a931eb5849a09d55e
SHA1

f75d8ce948307b5283bec5894842c8d5802a9841
SHA256

d0ea6d1b85d01873d607e7b0d46e3d22d3de74fdc9cea79fa4d9b38f76b44a84
SHA512

83d96402a59db74094f936315914962e4c077ab5997d1ac85dff9ad6cb9c0d82d5f09a4a1890ba3d0b1bfbdef090a15debc16dc566bcb340ebab76729332792d
SSDEEP

768:JuE8lTRgetQWU2fy5mo2q7wpt0vThdjCvx8PIW5jbkgX3iisXCP0naOZIBDZbx:JuE8lTRB82b216BW5brXSVn3udbx

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

3.6.115.182:4040

3.6.115.182:6080

3.6.115.182:4444

3.6.115.182:13997

3.6.115.182:11800

cringelord6969.ddns.net:4040

cringelord6969.ddns.net:6080

cringelord6969.ddns.net:4444

cringelord6969.ddns.net:13997

cringelord6969.ddns.net:11800

127.0.0.1:4040

127.0.0.1:6080

127.0.0.1:4444

127.0.0.1:13997

127.0.0.1:11800

tcp://0.tcp.in.ngrok.io:4040

tcp://0.tcp.in.ngrok.io:6080

tcp://0.tcp.in.ngrok.io:4444

tcp://0.tcp.in.ngrok.io:13997

tcp://0.tcp.in.ngrok.io:11800

Mutex

4uDe236SvN1p

Attributes

delay
3
install
false
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TEST.exe

Files

TEST.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B