asyncrat | e3a50cd4b0d687de0371979907eecec8[.]bin

General

Target

e3a50cd4b0d687de0371979907eecec8.bin
Size

23KB
MD5

4d3ad2cd9524e9b040349c82ad6f2045
SHA1

88ee00720105fbd92f84ce7bf3fd2dc9db3346af
SHA256

c68066c24b60e6a14d7fc47fa69446ea640832385a90c7b50397aec3f89c3090
SHA512

c62335eb53019ed71b05897f00dce1c0caebec15a30c450b3287dbd31fe92e3afbf4c37e068dcaaf5065c0221c06a31259872489b13c68bf7605c3b6522a23de
SSDEEP

384:7uBNNqJVcNmzTV1wAedctTkQ+zKhrOipTd84s6CfWFSdj5vUTlCJPwfsDGl4a0hs:ONt6TV3VSdIDpC4yWYdjK0wkD24NlRGB

Score

10^/10

rat dead_fest asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Dead_Fest

C2

window10.duckdns.org:2016

Mutex

DcRatMutex_qw6rgvfu6ruj67fere5fhy HJG

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/bbfd0355383f8e0df1442c646737854bfccb138b9c89e86c64c3d49d31e5fbf8.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bbfd0355383f8e0df1442c646737854bfccb138b9c89e86c64c3d49d31e5fbf8.exe

Files

e3a50cd4b0d687de0371979907eecec8.bin
.zip

Password: infected
bbfd0355383f8e0df1442c646737854bfccb138b9c89e86c64c3d49d31e5fbf8.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B