asyncrat | IpCam Bruter[.]exe | Triage

Sharing

General

Target

IpCam Bruter.exe
Size

143KB
MD5

ff94c762dc8bda27e4e75c4285ab89fa
SHA1

897b8c1939ce10abf5b5b5cbc71883adb8715afe
SHA256

10c0d4921910751c17d1ab6c74e48a3c9d5be28aa55b80762418765dcdcbe06c
SHA512

6df88282d7898a9123459cab326881521e6ad4f39ddf8c5dbb95c0cb5635521673a1a4ada47f4f68fdb948f384912a718bb8f7cf712b5c25377493e0dba26707
SSDEEP

3072:d3YO5kKdXl0ZRBL/Tuny9bdcGZcKRWpgep82z:JYO4RBTTgy9bCdX

Score

10^/10

rat asyncrat stormkitty

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IpCam Bruter.exe

Files

IpCam Bruter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ