asyncrat | decode_43048329e6cd6df3e144e8592c1194cf0da5e9113653ea155e664cbcc08b4b27[.]exe

General

Target

decode_43048329e6cd6df3e144e8592c1194cf0da5e9113653ea155e664cbcc08b4b27.exe
Size

63KB
MD5

e9154e60abc1de35568af297a19089c4
SHA1

229695bc5d602df1eab477e851f4db994701d91d
SHA256

4529554d09a020003227f1d879f6e202604c5875b89b9c3088a32c65211182b5
SHA512

64b7ed965059098a2eeb438d12d4bfa14fabecc42596d3586c726f44678b13a31b92c0cc834cf6688c12d41ec1ab770e207b218bb3c98223f3a700dde3be25c0
SSDEEP

1536:hmImx6tX2kNff4sKu+UYF2Ij85b5APCxiNJrQTGtx:hm9x6tmkN7Ku+UYFw5b5xyJG+x

Score

10^/10

rat server asyncrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Server

C2

ansj.duckdns.org:35770

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decode_43048329e6cd6df3e144e8592c1194cf0da5e9113653ea155e664cbcc08b4b27.exe

Files

decode_43048329e6cd6df3e144e8592c1194cf0da5e9113653ea155e664cbcc08b4b27.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 60KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B