asyncrat | download[.]exe

General

Target

download.exe
Size

65KB
MD5

97e2a799af6730778022e3860f838df4
SHA1

6553253c30e5cb7d9fa19fa4e05543ca6305e848
SHA256

61833e4934a1f4ca8c8465ae6ec5112f4a92b59a2e67f0767e31bc7390f55099
SHA512

dada8b74d68fcd4d53d87dd9a75efb44e0939606d1e6b1ac095e978a32268c1e71c4005ab7bbe05349c7efcbc616caf1041960f99cd75acbbe9ab440a0400944
SSDEEP

1536:02AZkvF1ISlC2OAaZtF/HSRRUysfnwV6JxMbXc6Wb50MEOAoZLhWkoLtqRISLWcx:026kvF1IRysfnwV6J2oJb5fE9cW/L4Rb

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

grogrogrogro.ddnsgeek.com:4444

Mutex

AsyncMutex_6SI8OWDAW

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
download.exe

Files

download.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 62KB - Virtual size: 61KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B