asyncrat | BoratRat_Cracked[.]exe | Triage

Sharing

General

Target

BoratRat_Cracked.exe
Size

20.0MB
MD5

c68cf8d1c438a9c59878deb36d17e197
SHA1

fc6158fbab2762f1da42c7a486fd04bd8b547f05
SHA256

9e7e71f470c44d253d72a78f1ccdde34b4a0bff6242d86006cd6e364b6bbf79c
SHA512

67bad918bf1b4d1d1461ae949c7ef9e953fe447df46e7d32484914ef74cc658d8746b5bb2fb354f8c07fb961d9e4b395e7c2dab4e49e6b26d0af51aad5b27ccf
SSDEEP

393216:nm2XTCP+Zw6NLIsFfskh1BmXGnfBd+Ly:nmmTCP+Zlnk0rmkBYLy

Score

10^/10

asyncrat

Malware Config

Signatures

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BoratRat_Cracked.exe

Files

BoratRat_Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 19.9MB - Virtual size: 19.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ