asyncrat | Free Fn External (BETA)[.]exe

General

Target

Free Fn External (BETA).exe
Size

48KB
MD5

dc2161955d406b3c48415ac395e651f2
SHA1

2ee94a040ac5850a3c7f66dee931b7dfc05091a8
SHA256

219b31b9527c6ee529021a15017c007a54f94ea52d1f8bba9b983e9546491201
SHA512

0774ff2c110e80de0e2e70e1cbc85cf64c2345276156e69503298fe6a462017de8c0659c9e04db24e391379bb5b8a4404c53169bcd04e899f134027acd9302af
SSDEEP

768:SujY01TBEwp/WUT1y9mo2qzEL4g6lHPIRFwrd0bEHH1hdqAbTA4XWBDZ8E:Su801TBvo2p6qRFwr6bEn1h8gA4X4d8E

Score

10^/10

rat getbeamed asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

GETBEAMED

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:4782

127.0.0.1:8808

127.0.0.1:40708

GETBEAMEDNIGGAXDD-40708.portmap.host:6606

GETBEAMEDNIGGAXDD-40708.portmap.host:7707

GETBEAMEDNIGGAXDD-40708.portmap.host:4782

GETBEAMEDNIGGAXDD-40708.portmap.host:8808

GETBEAMEDNIGGAXDD-40708.portmap.host:40708

Mutex

62pUxVOx2jfp

Attributes

delay
3
install
true
install_file
.net2.exe
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Free Fn External (BETA).exe

Files

Free Fn External (BETA).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B