AsyncRAT | da6abb6f3aae

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\da6abb6f3aae250d50ed09b6eacc267c33e50895e3ebd7e6ba800ab018351ec5.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\RhFYnHFgJ.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	606.50 KB
MD5	44e407b3de4a9865ab747bdca810b0b9
SHA1	6eb199e6837432d8acb98c03b22277f340726372
SHA256	da6abb6f3aae250d50ed09b6eacc267c33e50895e3ebd7e6ba800ab018351ec5
SSDeep	12288:4H2iNSg6SKlpxxDAE7Mn3cs9OWvHoFiPEwjlk2Y/gbb:81SLlpxx8EEc85oFaj22p
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Version Information (11)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00097168	0x00097200	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.27
.rsrc	0x0049A000	0x000003A8	0x00000400	0x00097400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	2.97
.reloc	0x0049C000	0x0000000C	0x00000200	0x00097800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x00099138	0x00097338	0x00000000

Memory Dumps (11)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
da6abb6f3aae250d50ed09b6eacc267c33e50895e3ebd7e6ba800ab018351ec5.exe	1	0x00400000	0x0049DFFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04750000	0x0475FFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04920000	0x04922FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x09EE0000	0x09F3AFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
da6abb6f3aae250d50ed09b6eacc267c33e50895e3ebd7e6ba800ab018351ec5.exe	1	0x00400000	0x0049DFFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04170000	0x0417DFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00411FFF	Content Changed	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
da6abb6f3aae250d50ed09b6eacc267c33e50895e3ebd7e6ba800ab018351ec5.exe	1	0x00400000	0x0049DFFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0430E000	0x0430FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00199000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00411FFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

1ee85723808362f3410088df80f589348c3e886ce456f4a59d3dc19bce4ec7a8

Code Dump File

Stream

MIME Type	application/octet-stream
File Size	44.50 KB
MD5	1a986fe638c494f19302613082aefacf
SHA1	e546ace6e4635ae09bcaf12a2221ed03468a2f39
SHA256	1ee85723808362f3410088df80f589348c3e886ce456f4a59d3dc19bce4ec7a8
SSDeep	768:6uC0NTgoZqNYhWU58PnLmo2qrNuIWBqxrPIBbQ7Ov0brbDTw70fFSVTSXr6KOdI9:6uC0NTgmq12WUBbQ7OsbrbDT00dSVTSl
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpF9CA.tmp

Dropped File

Text

MIME Type	text/xml
File Size	1.56 KB
MD5	7f50080658ece04e97c8ee0ff35f561b
SHA1	6866c7a05ae9229d4ad4995c9d30160c5a5aee26
SHA256	7ad7f1c3663eddd7c8ce47f00249cbd4b582d3a7b35d97f2648228370b4702c2
SSDeep	24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt6axvn:cge2UYrFdOFzOzN33ODOiDdKrsuT6uv
ImpHash	-