asyncrat | acd3958131f7a29d582e8e06dbac8a00f95718668e0b6270603bc7f65b2a8224

General

Target

acd3958131f7a29d582e8e06dbac8a00f95718668e0b6270603bc7f65b2a8224
Size

22KB
MD5

7e413bb855dc9e6a35035ffb8416f05f
SHA1

99d13c93baf0b20bcc76b8dad15e7e5664a716a3
SHA256

acd3958131f7a29d582e8e06dbac8a00f95718668e0b6270603bc7f65b2a8224
SHA512

cf1d97f5cf4b9641377b98b007831b4d27949d97ba7b5a66f89c15977940d90c836e3b234e0daeacfd5f7f405aafa8c131cf37c2309b0276866f380eebc108d4
SSDEEP

384:SpAyvbaYNXjdx15HgBBP1jVCvsVq2fYHYVbo7ZYMr9tIfO1pjOeDCrpT/kiDQDFC:Sp3bBNzJKBPCsVK4VU7ZYMr4fMjOeDiD

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

185.196.10.233:6606

185.196.10.233:7707

185.196.10.233:8808

Mutex

76YYDZjp0yOA

Attributes

delay
3
install
true
install_file
dfdgfgfgfg.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/ab3033f608fadc0fb8b6cea666c8abb2015833552a202ed8fa8b79541c08e4a8.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ab3033f608fadc0fb8b6cea666c8abb2015833552a202ed8fa8b79541c08e4a8.exe

Files

acd3958131f7a29d582e8e06dbac8a00f95718668e0b6270603bc7f65b2a8224
.zip

Password: infected
ab3033f608fadc0fb8b6cea666c8abb2015833552a202ed8fa8b79541c08e4a8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B