asyncrat | 6562a3c05a741eea182a566c4403f512[.]bin

General

Target

6562a3c05a741eea182a566c4403f512.bin
Size

23KB
MD5

fa9348aa7b37f87e1f7554b5be1c4272
SHA1

7b0d648b4b82dc642cd4c49438eeb6d9eaa4a487
SHA256

18ba06bfbbad769e1d24ac024d7189956da6a36405c08d5e8d85cb5c4896ab66
SHA512

8eec38db7ea54512d6f598ddbfa5a6547da4a73d7bf7f70e1c83732559f8e7968201e967debeb668b5d3d242dfcf2c97dcedda2df22837b62eabce83bd1ffb1a
SSDEEP

384:Gt4C9Sz+kQnlyv9Z8VWPS4rpaUg2KEFTQLrygERHtv2VmzbtmvN4O/oRJi2PdAb4:Gt4FiPnlyv0oaOpamKmaWgEzuVOQl4OW

Score

10^/10

rat ivan-16 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

IVAN-16

C2

krater1.con-ip.com:7082

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/df37b362150d37374f604ed290c613701e5167d84abae499b82bc74f970d966b.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/df37b362150d37374f604ed290c613701e5167d84abae499b82bc74f970d966b.exe

Files

6562a3c05a741eea182a566c4403f512.bin
.zip

Password: infected
df37b362150d37374f604ed290c613701e5167d84abae499b82bc74f970d966b.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B