asyncrat | 40501127351eb5ffbcd199f29a0a75ac09e6cc2bbcd9774a05d646031322ce60

General

Target

40501127351eb5ffbcd199f29a0a75ac09e6cc2bbcd9774a05d646031322ce60
Size

48KB
MD5

ddaabf17769168ed1eba6feeaeb2b1a2
SHA1

ed9544022eba4a05bfbe671b3cf9d941ffb137d3
SHA256

40501127351eb5ffbcd199f29a0a75ac09e6cc2bbcd9774a05d646031322ce60
SHA512

19d779351002de0dd96424356c09e96f76493d6cfdb6b8a7258e6abe49b4c0728e5841a0f3e46feafd4646c238c17553186d37a550bb930d21bb17f9eb4a2564
SSDEEP

768:SukjVT0kLd3WULVPdVmo2qDAlD9dhodPIvMBDeHXUEz0bEixuqmGLWioeZrVcH35:SukjVT0M912HZdhjvMBDeHubEDqJKiPs

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:9119

tech22.ddns.net:9119

Mutex

7BGpdhElezG3

Attributes

delay
3
install
true
install_file
system.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40501127351eb5ffbcd199f29a0a75ac09e6cc2bbcd9774a05d646031322ce60

Files

40501127351eb5ffbcd199f29a0a75ac09e6cc2bbcd9774a05d646031322ce60
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B