asyncrat | image-logger[.]exe | Triage

Sharing

General

Target

image-logger.exe
Size

74KB
MD5

0a291a993dbaec4df4ea88cde65598b8
SHA1

6672a080036eb09dc03266450cdcd50c7ca23503
SHA256

6db2aab2536cc2ec2a09e0db5b33ff5e98b448a88b20adb447b286a38c52ce65
SHA512

bb97d27d229aa5512e048edba3f2d57bb81bad9b2a490015a6eac7af8622c022055a9183f0ab48d9af3047b2d78b2bebc5d90a996b2975a9023f05b28ee5924f
SSDEEP

1536:KUnkcxg8xNCzyPMVv6edjOXqIgH1bK/MBxZQzcWLVclN:KUkcxg8vcyPMVv6edjOkH1bKSPQvBY

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

147.185.221.19:29253

Mutex

xjckgroqdiwtsjsubu

Attributes

delay
1
install
true
install_file
Update.exe
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample family_asyncrat
Asyncrat family
asyncrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

image-logger.exe

Files

image-logger.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ