asyncrat | Infected12[.]exe | Triage

Sharing

General

Target

Infected12.exe
Size

63KB
MD5

30fc53429b17b5f61b833b130b580f98
SHA1

52283c72c3662f64f613356b9601e927ee2c00dd
SHA256

779604d4424cfd906b2dcaef852dca573900ebf7a8555c70f539a661e22f9d60
SHA512

9cb794bf5550f9de74f1260f684cb1ca231c7f757305ab7e37ea8677959f38549ec5f1936b8b51aa494494666d4a981ff7a5fd573f6de78933fb9f6315d1b646
SSDEEP

1536:/vCCPT59hnK+VXLH1oWoOiQYUbkh9/y1nDMuIdpqKmY7:/vvT7y4YUbkqCGz

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

193.161.193.99:44548

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Infected12.exe

Files

Infected12.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ