asyncrat | 99a06d8a9eda7ba2d19da54c2759a783e20922a73a4893caccc220cdaa27a883[.]exe

General

Target

99a06d8a9eda7ba2d19da54c2759a783e20922a73a4893caccc220cdaa27a883.exe
Size

312KB
MD5

520e6035e15a9422e1c4cbada69263aa
SHA1

96915e5d6adf90533c2309c84e226598773d83ec
SHA256

99a06d8a9eda7ba2d19da54c2759a783e20922a73a4893caccc220cdaa27a883
SHA512

ffcf1ff0d9161bdc9c1bbdedc66bccb8bcf74874d25ff4f4436c57aa417160c55914ccb9cb97645c728dd4d230908f707733c30c53faeb0bbfd71e6306999b3b
SSDEEP

6144:Eu6ABA0Krb3LVhA+EWHYSS66Wy6666D6b6666H666K666Z2v666y7N6oZCGEB6ax:EwKXRlYSS66Wy6666D6b6666H666K666

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

18.141.204.5:80

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
syteam.exe
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99a06d8a9eda7ba2d19da54c2759a783e20922a73a4893caccc220cdaa27a883.exe

Files

99a06d8a9eda7ba2d19da54c2759a783e20922a73a4893caccc220cdaa27a883.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 266KB - Virtual size: 266KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 266KB - Virtual size: 266KB

.reloc
Size: 512B - Virtual size: 12B