asyncrat | RuntimeBroker[.]exe

General

Target

RuntimeBroker.exe
Size

48KB
MD5

d9a8b8d68e324839f69ece3a04575db8
SHA1

e62d94e7b067915645d8b6aed6222f90e44c5745
SHA256

98040733ac189b6a213b5ba69a758f205207beed0f0805ff99ea4566c50f6371
SHA512

4e5a0c660d2f0e2941c786c9f1490fef465c1ebf31ce4b76ffca659b1b22312b67632f76df5bf5f1717b46bf84949ded52506f337e8ff5c5806b8fc417743791
SSDEEP

768:Qu+01TQQEX1WUVt1Pmo2qjzzqLCLke9xWRfGtW0budjTPxk7lslvIroPRH4D6cD4:Qu+01TQfb2rLHeSRQ5buxxkhslvIwH4O

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

win-five.gl.at.ply.gg:62867

Mutex

wSVzarUq9UtI

Attributes

delay
3
install
true
install_file
RuntimeBroker.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RuntimeBroker.exe

Files

RuntimeBroker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B