asyncrat | jjenestmare[.]exe

General

Target

jjenestmare.exe
Size

74KB
MD5

7a9025f191b6236feb34cefdcf0c7812
SHA1

083a6c80e8c33c8161aa4e3e8327002d56ea4bd1
SHA256

c4d74222a03c2ca6298f44cd66e0011715e366dbd9f58e68818df3e4e3a448ad
SHA512

eb8d8a96eadb7c519eaa96dd895b97d2ce3bdc8b6968203dbc966954f14c0be1474b53c0d27f41305a4a86eadd05f16293fd797be139287fb0fccf23deccc971
SSDEEP

1536:+UFQcxyN1hJC1GPMVJ+47cIDH1bs/1xbHH4JQzcyLVclN:+UacxyNl+GPMVJ+O5H1bsdxDQQjBY

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

192.168.0.123:7000

Mutex

qncfpsnreuuyghzz

Attributes

delay
1
install
false
install_file
yesssa
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
jjenestmare.exe

Files

jjenestmare.exe
.exe windows:4 windows x86 arch:x86

Password: pass

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: pass

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 69KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B