asyncrat | d9afd43ff9f29e05064ce006cf0bda621b917851f4017b2186127fee603850c6[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d9afd43ff9f29e05064ce006cf0bda621b917851f4017b2186127fee603850c6.exe
Size

64KB
MD5

6a5790f128089879ae9fd8a9cce40b57
SHA1

edc90c93dcee5d6ded2ea173dbb099d97e631f6b
SHA256

d9afd43ff9f29e05064ce006cf0bda621b917851f4017b2186127fee603850c6
SHA512

36155ce23e4c3a17a480457abc4bd58a8fcee299274cfbd85d97f67d46687ecce2dda7cf6b303ff585c51561bd61b9e2ec978272943a88e00ed2c2b50bdd29f7
SSDEEP

1536:x2jxnfQXAyxTidTycztHi5QvQuUjbDIyhnK2cWi7ONz+x:x2jxoxxTidTycztCSvQuUbD9cVwax

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Xchallenger | 3Losh

Botnet

Default

torrentmoviess.com:111

torrentmoviess.com:6606

torrentmoviess.com:7707

torrentmoviess.com:8808

Mutex

AsyncMutex_alosx

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample family_asyncrat
Asyncrat family
asyncrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

d9afd43ff9f29e05064ce006cf0bda621b917851f4017b2186127fee603850c6.exe

resource	yara_rule
sample	family_asyncrat

resource
d9afd43ff9f29e05064ce006cf0bda621b917851f4017b2186127fee603850c6.exe

Files

d9afd43ff9f29e05064ce006cf0bda621b917851f4017b2186127fee603850c6.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 61KB - Virtual size: 61KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B