asyncrat | C11Bootstrapper[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

C11Bootstrapper.zip
Size

214KB
MD5

f2a3127167527858f3df2856faf175a1
SHA1

f65ae05fbadc1230d4d4511523c1220bd066a251
SHA256

b5b756ca3f6097116ccd6b5b284bc7c0ace10a5842a70ce96ebefde62b687f49
SHA512

e5f3dcd5cc45fe0e6e285d1c74702f4369113b07dfa2be383e61cc98b38715562b542d4ecfcadfafabdeddf5c20794085e0f17f9e3b209381c985f6b99cc3683
SSDEEP

6144:LA3cXkEnu8vjKbnU9tWCnHGXf3fgDmRyno8wIzHgo:LAMXkr8IUjmXfPgDmRyno8wIzAo

Score

10^/10

rat default asyncrat umbral

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

127.0.0.1:6555

127.0.0.1:0

127.0.0.1:4040

Mutex

chhphkahmfnasuyziqc

Attributes

delay
1
install
false
install_folder
%Temp%

aes.plain

Extracted

Family

umbral

https://discord.com/api/webhooks/1210158511317590106/v9w3kiFGxTmHnaLb091GZCxjv8fdr5efj0qIDNAgPdpreNR5UKL8WQl7YxoqctUCkOnB

Signatures

Async RAT payload 2 IoCs

rat

resource	yara_rule
static1/unpack001/C11Bootstrapper/Properties/C11Setup.exe	family_asyncrat
static1/unpack001/C11Bootstrapper/Properties/PageEditor.exe	family_asyncrat

Asyncrat family
asyncrat

Detect Umbral payload 1 IoCs

resource	yara_rule
static1/unpack001/C11Bootstrapper/Properties/GuiLoader.exe	family_umbral

Umbral family
umbral

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C11Bootstrapper/Properties/C11Setup.exe
unpack001/C11Bootstrapper/Properties/GuiLoader.exe
unpack001/C11Bootstrapper/Properties/PageEditor.exe

Files

C11Bootstrapper.zip
.zip
C11Bootstrapper/Properties/C11Setup.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C11Bootstrapper/Properties/GuiLoader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C11Bootstrapper/Properties/IndependenciesInstallation.bat
C11Bootstrapper/Properties/PageEditor.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C11Bootstrapper/Properties/msgbox.vbs
C11Bootstrapper/Readme.txt
C11Bootstrapper/Start.bat

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 69KB

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 227KB - Virtual size: 226KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 69KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 227KB - Virtual size: 226KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B