asyncrat | 3304872eb5f8f05b6ea7259446b5899c[.]bin

Resubmissions

20-06-2024 08:53

240620-kthqwashrm 10

12-06-2024 01:28

240612-bvnh3sxfmr 10

Sharing

Copy URL

Twitter E-mail

General

Target

3304872eb5f8f05b6ea7259446b5899c.bin
Size

33KB
MD5

a6572e5084ff243f7e1430a5df010b82
SHA1

a4b4ba699625cc44c3ff9b9f1960e697afdf9212
SHA256

44d6c4340b60dd1bc93931e2e1756e1f1c8679e1007f246815fdd7f23607b54e
SHA512

adcb04bcece5e1bd232a551b9d58a259732889bba607d42788ed16087cb0f3afa4f5d0cd05bd38c771d925e6ca172cb72ecc455f270da53f322d074a454fb902
SSDEEP

768:JBtsPJZBxwGURd9cHMj1cQFu8y9X4LWd3JEnm1YZ4TYKlSqe:vtsPJZHmR/cTowqWd3owZYKlSf

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Xchallenger | 3Losh

Botnet

Default

mochas.in-the-band.net:6606

mochas.in-the-band.net:7707

mochas.in-the-band.net:8808

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/e22a31fdf71a913964b1f1328e132325f0188b56e5a65c025f0d553e440e2cf2.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e22a31fdf71a913964b1f1328e132325f0188b56e5a65c025f0d553e440e2cf2.exe

Files

3304872eb5f8f05b6ea7259446b5899c.bin
.zip

Password: infected
e22a31fdf71a913964b1f1328e132325f0188b56e5a65c025f0d553e440e2cf2.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 62KB - Virtual size: 61KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B