asyncrat | EZFNv2[.]01[.]rar

General

Target

EZFNv2.01.rar
Size

32KB
MD5

89118539912edb83dbda75e8ad93f282
SHA1

de78d129e2994af87d226ebc9214b83dbf7b4a0c
SHA256

901ef4f8fed2447725cf559d3816c0dbe69aac7c1962265749fdefdd136dfa77
SHA512

cae831c1a8c47d7eceaad117102cf7a9fab555bbf5c0aa0fff6443a2a42100a4be5686299af1c1631342b9807f8d9be0e95d40dc0121f2ec98776044cf239448
SSDEEP

768:w5FcmWNwGZP+vvxvZYrWAwdNelAqQy8drOkON:8/WKGY3xZBdNIAWmQ

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4449

127.0.0.1:20953

127.0.0.1:80

72.10.160.170:4449

72.10.160.170:20953

72.10.160.170:80

154.65.39.7:4449

154.65.39.7:20953

154.65.39.7:80

Mutex

edwqdeqw

Attributes

delay
1
install
true
install_file
qfewqwfeqw.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/EZFNv2.01/EZFNv2.01.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EZFNv2.01/EZFNv2.01.exe

Files

EZFNv2.01.rar
.rar
EZFNv2.01/EZFNv2.01.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EZFNv2.01/README.txt

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 69KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B