asyncrat | Trash[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Trash.zip
Size

22.1MB
MD5

a8764c30e58b23a5a73b007a32a0acec
SHA1

505874fdec24c2501ea022af8398226c22c7e4e2
SHA256

e32c13f01b5023c54a71f2fc5010103fbca4c1bd0bcf2995fdfa376eebb699f3
SHA512

62e55899178b00eb9eca7dab49616c9bdb335720c7d6a2f91c7984cff3aee421eea2cf9fc346e40f14aec702729fe7333710870ca04d5f8e08e0690ec3b27914
SSDEEP

393216:t9oV+v4/NxSXz77xHkqD1qjJ+1y8vhNtZOE5E:tiWSNxI7xkz8EIhNtJ5E

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/EtiRAT-main/Stub/Stub.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EtiRAT-main/EtiRAT.exe
unpack001/EtiRAT-main/Stub/Stub.exe

Files

Trash.zip
.zip
EtiRAT-main/.gitattributes
EtiRAT-main/EtiRAT.cs
EtiRAT-main/EtiRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

/Re(T%{
Size: 650KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/Re(T%{
Size: 650KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 23.9MB - Virtual size: 23.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TF5EAB90
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EtiRAT-main/EtiRAT.exe.config
.xml
EtiRAT-main/FastColoredTextBox.xml
.xml
EtiRAT-main/Fixer.bat
EtiRAT-main/Plugins/Chat.dll
EtiRAT-main/Plugins/Extra.dll
EtiRAT-main/Plugins/FileManager.dll
EtiRAT-main/Plugins/FileSearcher.dll
EtiRAT-main/Plugins/LimeLogger.dll
EtiRAT-main/Plugins/Miscellaneous.dll
EtiRAT-main/Plugins/Newtonsoft.Json.xml
.xml
EtiRAT-main/Plugins/Options.dll
EtiRAT-main/Plugins/ProcessManager.dll
EtiRAT-main/Plugins/Recovery.dll
EtiRAT-main/Plugins/RemoteCamera.dll
EtiRAT-main/Plugins/RemoteDesktop.dll
EtiRAT-main/Plugins/SendFile.dll
EtiRAT-main/Plugins/SendMemory.dll
EtiRAT-main/README.md
EtiRAT-main/Stub/Stub.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EtiRAT-main/Stub/Stub.exe.config
.xml
EtiRAT-main/Vestris.ResourceLib.xml
.xml
EtiRAT-main/dnlib.xml
.xml

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

/Re(T%{ Size: 650KB - Virtual size: 649KB

/Re(T%{ Size: 650KB - Virtual size: 649KB

.text Size: 23.9MB - Virtual size: 23.9MB

.rsrc Size: 151KB - Virtual size: 151KB

TF5EAB90 Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 35KB - Virtual size: 34KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

/Re(T%{
Size: 650KB - Virtual size: 649KB

/Re(T%{
Size: 650KB - Virtual size: 649KB

.text
Size: 23.9MB - Virtual size: 23.9MB

.rsrc
Size: 151KB - Virtual size: 151KB

TF5EAB90
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B