General

  • Target

    csrss.exe

  • Size

    63KB

  • MD5

    20ff76bc8767743371d05456fd806535

  • SHA1

    3a8da060a3df7c3cc4e27fb3f821a962e6c01001

  • SHA256

    fb157908b2c53df553e13a91e0c9093fe4e45f2cf0c29623cf901685aa8a3221

  • SHA512

    830ca30dcb6f1d9001267cf0e118d25aeb6da12fca26d3d8e8ee862b0c9077c8d3a9b4f93750b63cac861c4a355c4ecf5c7ec3c471b43fb26daa9d30fc9dbf87

  • SSDEEP

    1536:/5HfLgF8HquzFMUyWDwAGbbmwFL3rGMNVclN:/5HfLgF8DzFMUyWDZGbbmkfY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    30

  • install

    true

  • install_file

    csrss.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/3Z9zi18j

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family

Files

  • csrss.exe
    .exe windows x86

    Password: 123412351235

    f34d5f2d4577ed6d9ceec516c1f5a744

