asyncrat | eddb12b0fec4ee494f7d339112f744d5264378c22f465fd2be9e89820842c68f[.]exe

General

Target

eddb12b0fec4ee494f7d339112f744d5264378c22f465fd2be9e89820842c68f.exe
Size

66KB
MD5

3a1b922388a1e3c0d71397b97da2f9f7
SHA1

15df67a321b77fb85ef808d622a8ff2079d79f6e
SHA256

eddb12b0fec4ee494f7d339112f744d5264378c22f465fd2be9e89820842c68f
SHA512

5b2749cbe00ea493ee19f724c98cdb3e2d7b88f1414c75c0099230ce21190c41d4b81c3ad6dd8d9f4f9e4e4160b9c9e87d3e0a2dc699eb63a4e558e0235fcd50
SSDEEP

1536:J2PeSmaSykxZ1Q4KufUYFOB/9+XL86VpzIRb3B5/fotllbrPlTGpx:J2mS3SykxfKufUYFBXQ6VNOb3Po/NdKx

Score

10^/10

rat zhitler3 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

zhitler3

C2

hitler55.dvrdns.org:555

hitler55.dvrdns.org:5555

hitler55.dvrdns.org:6666

hitler55.dyndns.org:555

hitler55.dyndns.org:5555

hitler55.dyndns.org:6666

hitler0077.linkpc.net:555

hitler0077.linkpc.net:5555

hitler0077.linkpc.net:6666

2hitler.ddnsgeek.com:555

2hitler.ddnsgeek.com:5555

2hitler.ddnsgeek.com:6666

1hitler.accesscam.org:555

1hitler.accesscam.org:5555

1hitler.accesscam.org:6666

Mutex

AsyncMutex_zhitler3

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs

Detects file containing reversed ASEP Autorun registry keys 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eddb12b0fec4ee494f7d339112f744d5264378c22f465fd2be9e89820842c68f.exe

Files

eddb12b0fec4ee494f7d339112f744d5264378c22f465fd2be9e89820842c68f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 63KB - Virtual size: 62KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 63KB - Virtual size: 62KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B