asyncrat | 0x0009000000016c88-92[.]dat

General

Target

0x0009000000016c88-92.dat
Size

47KB
MD5

9c4b68850249e708088728ef30466d0a
SHA1

b604a79dba551db36309ac0b961d738bb3d1dba1
SHA256

c12b88e20e297909d50c574acd4de33e3c3dd93399014d2be20c345701793fbf
SHA512

09cf9d899ee62bb439ae66288ca27f8ba9b808599077f752de36d669f2ef7cc3dee1b881fbb271de7a7efce97ca9d4e76a7504f185c656d7b1d4b4c35b71e8f0
SSDEEP

768:0u6ZdTvER+SWUk6P4mo2qbWjSQTHTx9zYzPISLSWGkj0betHDX+J4+y4PIAY0TpN:0u6ZdTv2S2vSIHTx/SLSnbetjX44qPI4

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

176.111.174.140:6606

176.111.174.140:7707

176.111.174.140:8808

Mutex

oTA1Qk0GTnww

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0009000000016c88-92.dat

Files

0x0009000000016c88-92.dat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B