asyncrat | 2024-05-02_9a1e8473308056b42c47cb919b7d0f71_asyncrat_hiddentear

General

Target

2024-05-02_9a1e8473308056b42c47cb919b7d0f71_asyncrat_hiddentear
Size

172KB
MD5

9a1e8473308056b42c47cb919b7d0f71
SHA1

a2c4df22ddd41f09fd85823b21f3a9089384aa13
SHA256

3f24f350f06ea8a5c02d52fe2c9fb8b8907ca7f45a88a91503425778f4499334
SHA512

dc42538e91a9eeaf39d2a49a55057a79e6896fcd65cfc06c9236c3f44527002817d6ea1e7b2ebe97d493669263a63b449c6b74ad2f8a9f7aaa1f54bdf83af03c
SSDEEP

3072:rUZcx4GfSPMV7e9VdQsH1bfEQYM+lmsolAIrRuw+mqv9j1MWLQDJY:rRfSPMV7aesVbM8+lDAAS

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Venom Pwn3rzs' Edtition v6.0.1

Botnet

Default

C2

127.0.0.1:8081

127.0.0.1:4449

127.0.0.1:13153

177.22.115.185:8081

177.22.115.185:4449

177.22.115.185:13153

Mutex

yosdcaqzgzdamufjnh

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Detects executables attemping to enumerate video devices using WMI 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-02_9a1e8473308056b42c47cb919b7d0f71_asyncrat_hiddentear

Files

2024-05-02_9a1e8473308056b42c47cb919b7d0f71_asyncrat_hiddentear
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 69KB

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B