asyncrat | 1724651706a74abcdfafd3b4ccafd9d5fb86ab12740c2c566c975c7fc300271cac9d6890ea806[.]dat-decoded

General

Target

1724651706a74abcdfafd3b4ccafd9d5fb86ab12740c2c566c975c7fc300271cac9d6890ea806.dat-decoded
Size

63KB
MD5

ddcd5c52e63a4df0de291d5c6c5c0ff9
SHA1

adb18cfc0151199bf5e159cc6d9b44089e911b08
SHA256

6bb2386101837fd4e8a32018f2d8ec5bbd646bef9a5513783f782fe2ae1ff3e0
SHA512

f1461206c619945493558e8e036b6f8a94b742878e3ca1184a6fa1cbbf2158b7920526bc27e77f2f4f552e7c994ef6f7c59827d5cf1468464d6650dcdb3493b0
SSDEEP

1536:nqVdKDvN8koKoKuHUYFcO8I5bnAPzqvpPuK6crXlTGpx:nqXKbN8kmKuHUYFuI5bn/huUlyx

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

trabajo25.duckdns.org:3000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
server.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1724651706a74abcdfafd3b4ccafd9d5fb86ab12740c2c566c975c7fc300271cac9d6890ea806.dat-decoded

Files

1724651706a74abcdfafd3b4ccafd9d5fb86ab12740c2c566c975c7fc300271cac9d6890ea806.dat-decoded
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 60KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B