asyncrat | spoofer[.]exe | Triage

Sharing

General

Target

spoofer.exe
Size

63KB
MD5

7b83be6f1191a46dffbcb8b247032ff1
SHA1

aa8d7a06023c02b0da56a7709da6166a4aa29e27
SHA256

aa78748b86f0ff09a010cf75093b1174f3e26e140b350150282f503cdb446b4d
SHA512

a5616b85d65cf396cd4c0dbbb88adbae6929e662d0121fd15449fafcdc606bfb666638772869b5787072f74c631734169a46a2d9ec151e410ab185b702cb563a
SSDEEP

1536:yEXign23dVdu3kYUbZhPnqTEq2nuuKpqKmY7:yZO23dyUYUbZNqPqZz

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:7000

127.0.0.1:21974

147.185.221.22:7000

147.185.221.22:21974

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample family_asyncrat
Asyncrat family
asyncrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

spoofer.exe

Files

spoofer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ