asyncrat | 6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e[.]zip

General

Target

6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e.zip
Size

90KB
MD5

ca08d5347d913b68ecdf49e2f4ca5570
SHA1

f10bb7c042ac85b1049fdceb29a1d9ca014c4207
SHA256

d6514e2f8547ed3f30d72aa059e250ca26e73253a17cab529fed8a06668c5023
SHA512

ca7002f23a4c7001b6e5ecf336ad6f148e904e7db509bc1e96776ab32556caf55336fe72f3a8104de68bac2802c682262c1edee4de7ca3598a8cac930e4693b9
SSDEEP

1536:j/tRFZ1UD50KXq3fvnVT1jQ671SMeE7EBwpUAc7xZ87WAHXYi5O+Z9Esozk:r7t0mKXqPvVlQYAEYwaAc7s73oi5OMt

Score

10^/10

rat asyncrat

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Mutex

server.underground-cheat.xyz

Attributes

aes.plain

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e.exe	family_asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e.exe

6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e.zip
.zip

Password: infected
6475637fff05177a05bf6e84301c09492f21766ea3ba0068f3f70c4d0d886a9e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ