asyncrat | AsyncClient[.]exe

General

Target

AsyncClient.exe
Size

52KB
MD5

422b49a2404d8e67c9cd57d46acc97d0
SHA1

89ca4038856c67d12d31750a799aa88b08acfb82
SHA256

b7a9152f897cb11101d370f3b1ef30d411d4e4116a57ef31d340a58952cf4c1c
SHA512

2d9a65aacce93def1829971071b3c02c64555c0e30deca5ff8b12d04202e4b0a5e85cce8c7e61dfad1d966fe027086e7d18e1bf1c23dbe9695f2a8e082fdc77c
SSDEEP

1536:Ou4X9Tswb2vOnZH4fAzb03lKuIvLZQ7dqx:Ou4tTswb2vOnZH4fAb038L+7wx

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

x5sql-62870.portmap.host:62870

Mutex

c2VJpocLoXmn

Attributes

delay
3
install
true
install_file
Defender.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AsyncClient.exe

Files

AsyncClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B