asyncrat | edada[.]exe

General

Target

edada.exe
Size

47KB
MD5

f6093b7c45edb15a9d1bf77c5ea7fc6f
SHA1

eec1c1c523fe47fcba093c109c67320c38dc0db2
SHA256

49faef491cbfe43dd44266f822d744a9d5543fd01375c2b3d89fbe744ff7b400
SHA512

ba0a3f173c4e4927a581a2d2aa8a17340f0f0548c4311afe8d84183769978e81a3df1ce4525cd349455f7d6c197755871ddfa5eedd8111738e6dd76850608e73
SSDEEP

768:Nuu91TwQsOnFWUFN1/mo2qDaIvyP10ozjFz2PI87fl/nt0bCyJpBuaOk0KB07JDG:Nuu91TwSb231pZ/8LlCbCqcDgBYdQkdK

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

trip-thesaurus.gl.at.ply.gg:6606

trip-thesaurus.gl.at.ply.gg:8808

trip-thesaurus.gl.at.ply.gg:1337

Mutex

sk4bkiT4mXvt

Attributes

delay
3
install
true
install_file
edada.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edada.exe

Files

edada.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B