asyncrat | Software (1)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Software (1).exe
Size

63KB
MD5

68023210e2b0b648b055946ad3e14cc1
SHA1

dec1793f84cf9a33f29b2656db3c343d92891970
SHA256

7766f8794ffc91e5ae73ec2d3e8c880679307253cc257a8cb80e337213571d7b
SHA512

3f5c976552a60d79b0fba1dd78cf4db6d8a989bc3b96b09e7a1cda459fc36693f554c9d2ef3541dd8286b06c62c542095af3625d6553453322d35b046460ec83
SSDEEP

1536:l2r+2kbN3L/1cTYUbBh9Z3HE0yu9ydpqKmY7:QWdL4YUbB130Gz

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

85.209.133.130:3232

Attributes

delay
1
install
true
install_file
Runtime Broker.exe
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Software (1).exe

Files

Software (1).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ