asyncrat | BetterDiscord[.]exe | Triage

Sharing

General

Target

BetterDiscord.exe
Size

6.0MB
MD5

d5ad8b950946239be36b43e1f09bd171
SHA1

80ae48c745b51abfdc54ebf7af9ab8fbc933898c
SHA256

6a950e011446449a8dece73c5e5a1cabd8c2fdc6d02e3bec1b1b38fc54be1556
SHA512

da3616e838d6db3527a8fdcdb41f284b261ad543cd50a9af3e64e07a4723f17b0338e3fec136872e437c1bb525e4890b5c0f8209b8a70be30f18c5b17d2b02de
SSDEEP

768:J951Fn3n9P78zQC8A+Xv9xUgGAm+kijfCKv1+T4WSBGlmDbDzph0oXRW7p+XSucV:BX9xbtgd0BWUbhh9U/ucdpqKmY7

Score

10^/10

default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

0.tcp.eu.ngrok.io:14406

Attributes

delay
1
install
true
install_file
BetterDiscord.exe
install_folder
%Temp%

aes.plain

Signatures

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BetterDiscord.exe

Files

BetterDiscord.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ