asyncrat | 2a0179de868a92468d14c225a082437e9c16267ba0718e750b7900435b7ea5ed

General

Target

2a0179de868a92468d14c225a082437e9c16267ba0718e750b7900435b7ea5ed
Size

65KB
MD5

c59017ea85bba7dd74812bda3217babf
SHA1

206583b69ee201c7c737a1c8da7de8ab2c9f027f
SHA256

2a0179de868a92468d14c225a082437e9c16267ba0718e750b7900435b7ea5ed
SHA512

1b8fb72468bc3513155aec27961458031aa21c9ae7b9105f32fa91c3edd34f595376068ccf6f8e204a14755dda2a798945259d341008f5d722d029046b966f19
SSDEEP

768:NwGjMgZ6AbTDE9YovM5SDJMQ8IPiEoaHCpd1sBtgHuPCSCvMmqb2nDpjrF1o9VY0:1jMgZvb6Dhdimi/eAafhbbSfl8/z

Score

10^/10

default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

webwhatsapp.cc:65503

Mutex

no2.agentwindows.college

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Asyncrat family
asyncrat

Detects executables attemping to enumerate video devices using WMI 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice

Detects executables containing the string DcRatBy 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DcRatBy

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a0179de868a92468d14c225a082437e9c16267ba0718e750b7900435b7ea5ed

Files

2a0179de868a92468d14c225a082437e9c16267ba0718e750b7900435b7ea5ed
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 63KB - Virtual size: 63KB

.rsrc Size: 1024B - Virtual size: 884B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 1024B - Virtual size: 884B

.reloc
Size: 512B - Virtual size: 12B