Summary | ZeroBOX

4d5a_1.exe

Tags: AsyncRAT, .NET framework (MSIL), UPX, Malicious Library, Malicious Packer, .NET EXE, PE File, OS Processor Check, PE32

Category FILE
Machine s1_win7_x6401
Started Sept. 12, 2023, 10:01 a.m.
Completed Sept. 12, 2023, 10:03 a.m.
Size 45.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 4e34b4531e08ee1f415386edad449217
SHA256 fe3c548336165075bcab9204e3fd9aff5acd4aea71fe0feb01145dd66de25373
CRC32 29A7B9F9
ssdeep 768:fu/6ZTgoiziWUUM9rmo2qrfCEIikuPIbzjbegX1iJzqAWlI6GDao74xBDZ7x:fu/6ZTgle2OCZXb3bhXkJX76GOoEPd7x
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • AsyncRat - AsyncRat Payload
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name | Response | Post-Analysis Lookup
mr1robot11.ddns.net | 45.156.85.189 | (none)

IP Address | Status | Action
164.124.101.2 | Active | Moloch
45.156.85.189 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic
TCP 45.156.85.189:6666 -> 192.168.56.101:49165 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected
TCP 45.156.85.189:6666 -> 192.168.56.101:49165 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | Domain Observed Used for C2 Detected
TCP 45.156.85.189:6666 -> 192.168.56.101:49166 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected
TCP 45.156.85.189:6666 -> 192.168.56.101:49166 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | Domain Observed Used for C2 Detected

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLSv1 192.168.56.101:49165 -> 45.156.85.189:6666 | CN=AsyncRAT Server | CN=AsyncRAT Server | c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d
TLSv1 192.168.56.101:49166 -> 45.156.85.189:6666 | CN=AsyncRAT Server | CN=AsyncRAT Server | c5:2b:e0:b1:93:a4:1a:39:50:8b:a9:c1:06:22:2d:79:98:d4:36:9d