asyncrat | 0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59[.]exe

General

Target

0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59.exe
Size

46KB
MD5

34dd1859e3b572cb15c85c7255d1a2dd
SHA1

76f166cef6f5a11d45e5d0cbc53c40b8e89ccb73
SHA256

0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59
SHA512

2373268b5da51e3f8ca0eb6f8fefa5e801c7c4494944296cf1ab4df7c9f5c274cb6a6ae3ef972ddb065d078d0954324a3651ade4f7725ff71e474958e2932b90
SSDEEP

768:o+qb/VbXngXB6XqkOicvHk3eHlWMPbPgF0qk86nFVS3pALZtYI6OCq2tYcFmVc6K:o+joaXvZH0ub4FrktFVS3pid6O/KmVcl

Score

10^/10

rat null asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

Botnet

null

C2

jhonjhon4842.ddns.net:6606

jhonjhon4842.ddns.net:3389

Mutex

jicaltapntot

Attributes

delay
5
install
false
install_file
explorer.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59.exe

Files

0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 41KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B