asyncrat | gggg[.]exe

Resubmissions

21-12-2024 17:00

241221-vh4t3stpap 10

21-12-2024 16:17

241221-trjptssqdl 10

Sharing

Copy URL

Twitter E-mail

General

Target

gggg.exe
Size

52KB
MD5

fb6d592ff07d0e26a291b3e78c1ce139
SHA1

e5e82e613372b0795f8347ac643e954f0c514df2
SHA256

347586f7facf4ef5fcb456f6589d65cb3167a7fa4379740ff03b2c861d8cf364
SHA512

5db5797fcb1a6c2cbd2e2f4aaf2a5fd47f693116583596292531b73a36eabc8517ee7bc1d8cb5a999f45a5ca91152f0b3a810ec00ce35c8283f02d1c5e287779
SSDEEP

1536:2uu91TwSb2nth5csqQXb6HoTUdHN0QdH/:2uuDTwSb2tQsqwb6I4dtl9/

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:8808

10.59.25.45:8808

Mutex

KxaqMLMZrN62

Attributes

delay
3
install
true
install_file
Maple.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gggg.exe

Files

gggg.exe
.exe windows:4 windows x86 arch:x86

Password: njjknhkjh

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: njjknhkjh

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B