asyncrat | decrypted

General

Target

decrypted
Size

61KB
MD5

86cab8d49fd38362415c87b644d4ddab
SHA1

f08be955c6fa6b3a1f36693233214f3d63b63cfb
SHA256

64f373211953aa5e294e9d7dee8dee07866ceb7fa944f8c5845792489433afb6
SHA512

1774a3eddf1f6727033bfafdb99e26ba2c34aa4b1ff8325788035504c8f7e820c86fbe37123e3d38158f6d2657094d68b3f1c0dc5c9833ab1162a6392c60ac57
SSDEEP

1536:z+OAXoaIibUaSTt1oib85QgI55xnBoTKqq3Wfx:z+OAXoaIibit1oib8y55xMKF36x

Score

10^/10

rat rbxfps asyncrat

Malware Config

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

RbxFps

C2

eve.now-dns.net:313

Mutex

AsyncMutex_raw

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decrypted

Files

decrypted
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B