asyncrat | eeeeeee[.]exe | Triage

Sharing

General

Target

eeeeeee.exe
Size

74KB
MD5

0e25636a64d8988a2f2a18a7969626d2
SHA1

524b58b47fd563b37ffc9c363d8c09101cacd2d4
SHA256

8dc4278083a8db73ad2499dcc55a2a5ce44b5bbfe7c2e4776d61597c9634e645
SHA512

248187747727b6875ba1df02547fc2c098c8d90615fcf6626f328ce31d183b9c99f779ccd0d25aaef003b89bdf830715786b46c5a543346316ff1b4608d6a6cd
SSDEEP

1536:3UFAcxehvCw2PMV21ricIMW1bH//giTQzcGLVclN:3U6cxe1/2PMV8ri+W1bH3XTQfBY

Score

10^/10

rat default asyncrat venomrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

88.173.32.153:8081

Mutex

ogjwcholityhqynwcm

Attributes

delay
1
install
false
install_file
meme
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample family_asyncrat
Asyncrat family
asyncrat
VenomRAT 1 IoCs
Detects VenomRAT.
rat

Processes:

resource yara_rule

sample VenomRAT
Venomrat family
venomrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

eeeeeee.exe

Files

eeeeeee.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ