asyncrat | Shellbag analyzer[.]exe | Triage

Sharing

General

Target

Shellbag analyzer.exe
Size

247KB
MD5

d3b88d7974e5ef23ed78f97d18fd0f8a
SHA1

cba12e2cfc60e994fbb7e99317c3130af9a532ea
SHA256

a39234abb087b986209b4ed86dbecafb50347409f37f6d20f2ca82230c356f79
SHA512

6e295e1f17e65d7685542304c8846ba076e4a52985a8cdc342cfa2969453050f6b7e98dbfe4f41247fe5dcce1f191daad42556913e04be0cc5a66c83909ab2b9
SSDEEP

6144:/bwmPMVWrVb3rBPwF9kfK8rpClz0KBb6o589GHWHWujiSPbp:/bw8ZrB5gBuj/PV

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

sdhjriajyp

Attributes

delay
1
install
true
install_file
update.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/f2T8NYnM

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Shellbag analyzer.exe

Files

Shellbag analyzer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ