asyncrat | 3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738

General

Target

3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738
Size

261KB
MD5

9206cb7b2e14f4801a597894a156b8e5
SHA1

c0a84cb768f5848b83fafd0f3b7313a60d0cec9a
SHA256

3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738
SHA512

1aabb8ef8b18d49baf39f0fe65b941f7ac02dc6fb2bd4cddc86e1bb889cf745fd7de980bfe96365ccdc0a168fb4424c6edbd724b50f265303dd812a44b1b830a
SSDEEP

6144:vuEat9Zl5bubNNUXeEdQ2BHyaUFRwFCX0hVt:v8lOafLRmFaCmt

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

chela.ddns.net:1177

Mutex

CF6aV8bVJb6I

Attributes

delay
3
install
true
install_file
AyoubHDJ04.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738

Files

3264d80b841271f4c5da008feb2b11ba2e5702ad8bed7751d8a53883f75d1738
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 215KB - Virtual size: 215KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 215KB - Virtual size: 215KB

.reloc
Size: 512B - Virtual size: 12B