asyncrat | 15431165506e72ea15a1dafc9e06ea65a5c948ed5db15d2acf0c9103237f3e63

General

Target

15431165506e72ea15a1dafc9e06ea65a5c948ed5db15d2acf0c9103237f3e63
Size

856KB
MD5

cee3b79b219165eef507e20f9da35010
SHA1

70387dabb739b0aae0ccb5781808b0215bf9493e
SHA256

15431165506e72ea15a1dafc9e06ea65a5c948ed5db15d2acf0c9103237f3e63
SHA512

2f4b070dc1defd5bde74e149bf2db7b86f920fd3ea86006b8947aea95ab85655cd68a9c1235f5e333aed869072e6212b48a3fd30c818d5feaeb5c41fb5df0ec2
SSDEEP

24576:Z692YkUt0N1ch7OakodvWEqZBr2qi8x8y1j7:0gYkg0N27FaCqHf

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:4449

127.0.0.1:2243

147.185.221.21:4449

147.185.221.21:2243

Mutex

moxnqnlnkiz

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15431165506e72ea15a1dafc9e06ea65a5c948ed5db15d2acf0c9103237f3e63

Files

15431165506e72ea15a1dafc9e06ea65a5c948ed5db15d2acf0c9103237f3e63
.exe windows:4 windows x86 arch:x86

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 736KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

msvcrt

iphlpapi

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 88KB - Virtual size: 88KB

.sedata Size: 736KB - Virtual size: 736KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.sedata Size: 8KB - Virtual size: 8KB

.text
Size: 88KB - Virtual size: 88KB

.sedata
Size: 736KB - Virtual size: 736KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB

.sedata
Size: 8KB - Virtual size: 8KB