asyncrat | Microsoft_Service[.]exe | Triage

Sharing

General

Target

Microsoft_Service.exe
Size

63KB
MD5

1644c4839846a1b6524e38071528a564
SHA1

2250bbb322087bf0ba0a26a83b0e11ce5da6733d
SHA256

2f9e7eff2a3dc88b9db2382875b0d3ad4241ac09e97e8d1d779a533a8fc1d8d1
SHA512

06c28e8198d75aa5df58d678ae6145e388c5ee41f9f06b5de89e06fd821c91d5b4ef5cf3305493697eb870f0f9ab41b1e4b4de50301d0c3cf6a471de0c04eb98
SSDEEP

1536:VYQj1F212+iqsUbDh9xrsGu1SdpqKmY7:KKM1DhsUbD9HGz

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

45.139.198.242:6606

Attributes

delay
1
install
true
install_file
MicrosoftServices.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft_Service.exe

Files

Microsoft_Service.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ