asyncrat | loader[.]rar

General

Target

loader.rar
Size

28KB
MD5

293317c7dd5043a4914a3358c482afcc
SHA1

1f1a6b1b863cd52d8e39a2e14db2766b96971612
SHA256

c5519a8387a8e2628b361f31eea3a88075f450a6fc38a137353622347a54a31f
SHA512

a1f8bc9e23f287b11a12c379e9caaa941e44938265d1b279f321fcf942cfe0a87f0dacfb7c14fa93de90d791017250fa2af712333c9e5d99a46952d9ebbf5e51
SSDEEP

768:wU9kuGu8cFF64F6gIWMq3FgypuBoOsQwwi8MMaSYQM:wpuccFQU5Mq3FgypuBcQv1Bw

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

2.94.60.181:8848

Mutex

bevurcnkgzjk

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/0ax12evklb81ncOav.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0ax12evklb81ncOav.exe

Files

loader.rar
.rar

Password: 1234
0ax12evklb81ncOav.exe
.exe windows:4 windows x86 arch:x86

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 1234

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B