asyncrat | a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6.exe
Size

47KB
MD5

6657934f52a0686aefcfac430c49eb6c
SHA1

e803dc674a183866df2ea7c732bd6ce288e4d273
SHA256

a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6
SHA512

5d0991ccd328d04ee99136c08ecf6ce17d1d557e0b44a7df55a553002c61aaef3a018fdbc90e2a0ca21bd13ef26865e6a8a95d541feb1a827c101a7378703cf5
SSDEEP

768:oq+s3pUtDILNCCa+DimriAPYb+geRHuPkqgmvEgK/JfZVc6KN:oq+AGtQOgQbBJtnkJfZVclN

Score

10^/10

rat promesas new 05 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

PROMESAS NEW 05

promesasalvaro1.duckdns.org:7091

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Detects executables attemping to enumerate video devices using WMI 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice

Detects executables containing the string DcRatBy 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DcRatBy

Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6.exe

Files

a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B