asyncrat | test2[.]exe | Triage

Sharing

General

Target

test2.exe
Size

63KB
MD5

a6b6984d49636b219e58e00e044e0148
SHA1

a905952810ad0d694ce0012ca88fb6e2aa44b75d
SHA256

3213f4fcf0e572ac3ea6460af7478aacea9f70daceec692c2f8514e267a6f429
SHA512

b71a2e221f46032c901ac4846c6ee0aaa6f69e96a730eb4871b454a0043066c4ebf2d0915843423a8b6be40421fe8ba1032a68cce3aa8529180a4fcc831cf017
SSDEEP

1536:H1/k1+XU3RblJpUYUbhh988XuwdpqKmY7:H6iU3hiYUbh48NGz

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

tcp://5.tcp.eu.ngrok.io:18322

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample family_asyncrat
Asyncrat family
asyncrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

test2.exe

Files

test2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ