General

  • Target

    edc777668f9ce5ff6214e2a6cbbef3a0N.exe

  • Size

    48KB

  • MD5

    edc777668f9ce5ff6214e2a6cbbef3a0

  • SHA1

    5f61bc93c7c32c8c800be8a3c35e8459ca3c7c48

  • SHA256

    82b3763c958a8b5b12a9b37644839f9298e3cc620e5c4f52aed530f10e8c0c10

  • SHA512

    369d248038a8b6b0abbe4e8b88d2aea6e79232c07adfa6cffa0a384e5b2e789cb330e1446a9840373791628c4beaf52be67ab2f2a1115071f6b2d372768ebaed

  • SSDEEP

    768:losixILh4TD+ZioPSPNUiCj8YbFgeiS9EyzBx6HvEgK/JQZVc6KN:lo7douqzbCHS9HcnkJQZVclN

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    true

  • install_file

    piska.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • edc777668f9ce5ff6214e2a6cbbef3a0N.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744