asyncrat | f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27

General

Target

f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27
Size

101KB
MD5

a1fe7a12cb417958f64b2a7486d23337
SHA1

bc88d369bb44e96eefad961260d8f5ed56f21d31
SHA256

f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27
SHA512

5785cec36f07903239c530b15012de3f7707a471f039056aa2e8a425f620183a3988ec493ae805f45d85278b0f89dc39f5888e960dfce76007cd495cc0cf665f
SSDEEP

3072:LU5cxwf3iPMVDe9VdQsH1bf4DmpQbl9m0EARiBY:Lw3iPMVDaesVb+mpH0Zw

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:4449

127.0.0.1:8080

127.0.0.1:41232

panel.zikq-shmily.com:4449

panel.zikq-shmily.com:8080

panel.zikq-shmily.com:41232

Mutex

mdhfyafeuhum

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27

Files

f281ee063206b48d5fcf7bc5e87427653a3882c403486c1ec25b4b937e167d27
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 69KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 12B