asyncrat | 00d5c9e8629a2381333eaa0356a7d7208665e4f806013a75e0e864fe4fd26c7d

General

Target

00d5c9e8629a2381333eaa0356a7d7208665e4f806013a75e0e864fe4fd26c7d
Size

28KB
MD5

7bb5008cf061b4b26450d33087c0817d
SHA1

ec34bb1ecd56efc4a1f6f38893d3e75ea02c63af
SHA256

00d5c9e8629a2381333eaa0356a7d7208665e4f806013a75e0e864fe4fd26c7d
SHA512

9e584eb5ffcc277105e9cdff80a85b5e43136399f0358fcd21b7f03628dd7e2a45ff1f017b8810210772a31dfa0c8037371cbc6c3b23f0af68d0687a8a111d05
SSDEEP

768:cJI6JvFH8AN9HXnq76EDlRRVZikMkj4hNJDseVgajbp:c3tHdHyzRRVZikME8NlRuibp

Score

10^/10

rat junio 28 asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

JUNIO 28

C2

wins26junspam.duckdns.org:9003

Mutex

AsyncMutex_6SIkaPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/63025373262924d8cf6755fc359fa04b19124e88dc8bd62b191ff8638be9f9fc.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/63025373262924d8cf6755fc359fa04b19124e88dc8bd62b191ff8638be9f9fc.exe

Files

00d5c9e8629a2381333eaa0356a7d7208665e4f806013a75e0e864fe4fd26c7d
.zip

Password: infected
63025373262924d8cf6755fc359fa04b19124e88dc8bd62b191ff8638be9f9fc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 60KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B