asyncrat | 924-55-0x0000000000AC0000-0x0000000000B1A000-memory[.]dmp

General

Target

924-55-0x0000000000AC0000-0x0000000000B1A000-memory.dmp
Size

360KB
MD5

430f0cb68cbf8f2b0bc0993437d8cdf8
SHA1

628efe1320c1bef7d13e7f3cf6aca7f7d901f2ec
SHA256

7c61e8e969467f28b0803a40016004d47cecc4f60cfef5b814c48442556c215c
SHA512

ac6ab05dcea2ec36912e78e9368cb16f135a552dc9cd7b77f9e7e23c8a8b4638868b3eb56e29aa7a55169e515b0b54fed40f765b80b79a849a7d725e15d55e3a
SSDEEP

6144:Cua9tbLV8fl71TJMVPMeDQHlIFspjOrQGMnvdUKBtyUGYU6aYoLE3fIIsQr:WpV8NRTJMfMqQqrQXvSKbyUGR61IIsQr

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Ghst Rat 1.0.8

Botnet

Default

C2

193.200.134.9:9969

Mutex

qguisdgiddu8292e82gcd234ss54g3gd438gev38v21

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
924-55-0x0000000000AC0000-0x0000000000B1A000-memory.dmp

Files

924-55-0x0000000000AC0000-0x0000000000B1A000-memory.dmp
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 330KB - Virtual size: 330KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 330KB - Virtual size: 330KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B