asyncrat | anarchia80[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

anarchia80.exe
Size

63KB
MD5

e40106ed9efff518415cb5d73c516a47
SHA1

7730c2c36049a2f42afedbaf54b8db664f8490be
SHA256

aa6e987d4b879e86e025df433bb40f0b8b45a4de8fbbd8f60bb232c6967c4b03
SHA512

2f043d64747ae3549644130f34ac0988d3ed6a5f6212c1905e45df27ee22fde8d069eea903462d269b680e7a405ea094bbdbaf9de4352d36e7b662fc1e184b64
SSDEEP

1536:/q/b71BnK+OXoH1oaoOi2YUbuh9VEE1HVuYdpqKmY7:/OW4u+YUbuB9HfGz

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

185.254.97.15:80

Attributes

delay
1
install
true
install_file
dsa.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
anarchia80.exe

Files

anarchia80.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ