General

  • Target

    JASONRAT_2.1.1.0_BugFix.rar

  • Size

    35.3MB

  • MD5

    f5b8044d70c4e4651608959aa54387f7

  • SHA1

    74eda3d5df2bfcfac1eba2986a1c500cefbe595a

  • SHA256

    64a5ea7b2a169c65b33827d17c39492612ee17d5ef02852d4915c698fb029ee2

  • SHA512

    12a1da9705daac3d963cb71cbd51cc0506631e0a2aa2119776d4120f6d6068d0aabbfc3d933ec5a933ff115eaa45eecce7dda2b980bf2b5280a7a3e8acc3ee19

  • SSDEEP

    786432:z6/qJvsj/wKb4t7+zdCzT0MBGriIk44I3y+:z6yJvmp1AzQcfY9

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 9 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE 9 IoCs

    Checks for missing Authenticode signature.

Files

  • JASONRAT_2.1.1.0_BugFix.rar
    .rar

    Password: @Code2Reverse

  • BackupCertificate.zip
    .zip

    Password: @Code2Reverse

  • ServerCertificate.p12
  • BouncyCastle.Crypto.dll
    .dll windows:4 windows x86 arch:x86

    Password: @Code2Reverse

    dae02f32a21e03ce65412f6e56942daa


  • Bunifu.Licensing.dll
    .dll windows:4 windows x86 arch:x86

    Password: @Code2Reverse

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuDropdown.dll
    .dll windows:4 windows x86 arch:x86

    Password: @Code2Reverse

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuLabel.dll
    .dll windows:4 windows x86 arch:x86

    Password: @Code2Reverse

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuPictureBox.dll
    .dll windows:4 windows x86 arch:x86

    Password: @Code2Reverse

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuSeparator.dll
    .dll windows:4 windows x86 arch:x86

    Password: @Code2Reverse

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuTextbox.dll
    .dll windows:4 windows x86 arch:x86

    Password: @Code2Reverse

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuToggleSwitch.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuToolTip.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Bunifu.UI.WinForms.BunifuTransition.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • IconExtractor.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • JASON.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

  • PeNet.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • ServerCertificate.p12
  • Telegram.Bot.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • Vestris.ResourceLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • cGeoIp.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • dnlib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • protobuf-net.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

