asyncrat | test[.]exe | Triage

Sharing

General

Target

test.exe
Size

63KB
MD5

1f12c9bfd3dd64be8b5f0dad7a77b300
SHA1

88779806bb2ff55cc38dde6b249c37f17a9c5a12
SHA256

4557c13a23c01c66445cb1cdbaf5b8f505aa09e57a6ef30b2ae6e00f29b52926
SHA512

77affd6e0eb632a0d433f7ded84ab95ac99bbc2bc2744e1461140748a257d8f84bdc4bb83d7f7bf0e6454f7ab61cefef08a9368d9a7eab9edc76e925f8fde324
SSDEEP

768:l/XgYSjOTc+O78SAC8A+XOepeyr61urX1+T4uoSBGHmDbDTph0oXgjJYfkHSu9yV:l4N+lBn0tYUbJh9k4u9ydpqKmY7

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:4849

127.0.0.1:2157

rate-bandwidth.gl.at.ply.gg:4849

rate-bandwidth.gl.at.ply.gg:2157

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample family_asyncrat
Asyncrat family
asyncrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

test.exe

Files

test.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ