asyncrat | 040ef285cdbca1ab4b3ceaeac8f0ace87aca7d2147123a1359f27a3039b0b700

General

Target

040ef285cdbca1ab4b3ceaeac8f0ace87aca7d2147123a1359f27a3039b0b700
Size

47KB
MD5

ee9bd2b3d64511b880fcbd8ad23c71fa
SHA1

8c2cc8c959621c4543c9aa111367adb77f1ec697
SHA256

040ef285cdbca1ab4b3ceaeac8f0ace87aca7d2147123a1359f27a3039b0b700
SHA512

47c90a3a2093796a8b324fd76f92bc6f5a3975272f88305352d3e9c4fcd543f2c2421d7ed0d95e9df0cda33e6fb58b2a10c3a400bdeb6c1cb4912d50970623ec
SSDEEP

768:EuwvNT8E2mLWU3FvZmo2q7JGiMQsCmPIaggsbw0bRKoyqIShOVqTZxSbKBDZ8x:EuwvNT8xk27fQsCPaggCbRKoNLOVqTZQ

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

3.27.199.84:9182

Mutex

gRLpFG01LHh3

Attributes

delay
3
install
true
install_file
RuntimeBrokerSvc.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
040ef285cdbca1ab4b3ceaeac8f0ace87aca7d2147123a1359f27a3039b0b700

Files

040ef285cdbca1ab4b3ceaeac8f0ace87aca7d2147123a1359f27a3039b0b700
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B