asyncrat | AsyncCient[.]exe

General

Target

AsyncCient.exe
Size

47KB
MD5

2285425f9aea253c8952526652c5e768
SHA1

da350f1dd16af437df7bc61f379c6de1f559a4c6
SHA256

bd85e14f61b59c6f72cad90590abbdc50c8ce5f1a8b491abeff5049023cf1d1d
SHA512

243c000f15b5f040beb350b68a4bff447d1a5fb5ac9fc2ebcbc1f21ba5435bb41a3b08e87c0d5d48eea46db5643ea338bcf16b758bccf1b9581ff140cdd1c2ff
SSDEEP

768:PuTO9TgQsFcZWURDOjmo2qw3WOsHQHPIL68p3L0bfhEaDqpmFfueZVK2nCFgBDZ4:PuTO9TgQCv2nO9L6u3AbfJlmeZVVnC82

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:37915

127.0.0.1:39657

de-engines.gl.at.ply.gg:6606

de-engines.gl.at.ply.gg:7707

de-engines.gl.at.ply.gg:8808

de-engines.gl.at.ply.gg:37915

de-engines.gl.at.ply.gg:39657

these-accommodation.gl.at.ply.gg:6606

these-accommodation.gl.at.ply.gg:7707

these-accommodation.gl.at.ply.gg:8808

these-accommodation.gl.at.ply.gg:37915

these-accommodation.gl.at.ply.gg:39657

Mutex

tsUz002JWVnp

Attributes

delay
3
install
false
install_file
dllhost.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AsyncCient.exe

Files

AsyncCient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B