asyncrat | TON DDOS[.]exe | Triage

Sharing

General

Target

TON DDOS.exe
Size

75KB
MD5

06eaec3a5cb7252e97abd37ddf54197f
SHA1

74e6a469391440d9ac7d1adc9441da069d9cfc44
SHA256

f323b5b0eae72fea64467cc0cc66af93aedac7a524246b7014ef63b50e325ff7
SHA512

514522a7284dcec3a7f8c57370c05086ad0852f63937b39ef0800d8180a978539afb4047e8c064ec4455030ddbe2b8fc1d95b053e2b729e8569425900783a66f
SSDEEP

1536:Tu2z1T1y52I40FvL5AbnfxOv0qid0d825Zw9:Tu2xT1y52I40FvebnUvhid0tHw9

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
launcher1.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/xaLN0L9h

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TON DDOS.exe

Files

TON DDOS.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ