asyncrat | f253c248a7d48cdf25eec88538e6366689ce459c156511f8f32a3a27d9a90eee

General

Target

f253c248a7d48cdf25eec88538e6366689ce459c156511f8f32a3a27d9a90eee
Size

1.5MB
MD5

48b1edd37452b78cbc931b9f6f706661
SHA1

d8f7077d5ad3b086056863a8cac9b4fe6f19087b
SHA256

f253c248a7d48cdf25eec88538e6366689ce459c156511f8f32a3a27d9a90eee
SHA512

5cf927e0a23ca6a3208e88a3090bb286c1b261051bf5a88e2e6cdbb6b04413635401ec96a53e54b499b7dd021631418a30f9e2ee193f0e9ee015af60cdec3ee1
SSDEEP

24576:/+JEfJhZ8j53sY1jCeqm6qv80MaooQajSMpHYWOkEfW5EQJZrUVvsgMYHQgdUU26:/+a5csqCeq08moPajSQY5HYryHACWm

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

LoaderPanel

Botnet

Default

C2

185.39.17.70:8848

Mutex

hqjitjybornneksp

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f253c248a7d48cdf25eec88538e6366689ce459c156511f8f32a3a27d9a90eee

Files

f253c248a7d48cdf25eec88538e6366689ce459c156511f8f32a3a27d9a90eee
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B