General
Target: csrss.exe
Size: 63KB
Sample: 230314-v8c42sgh22
MD5: afe5f2a8cc29794895b73355989ae460
SHA1: a8d946b49542d860f1795b90bd6720c667bed85f
SHA256: 1736967da961b9d7d4111bb47d5db3f4a4ce80a6c26a5b59fa586a3eab86bb26
SHA512: cb02b4e5866d085bec3b3f398c8b194bf4b1cdfb5d04b3b323e7d521cae579e66634eef63830e7886c2746fb9cb51ceaf023e26f6d4caadb1cc8570eeba1570d
SSDEEP: 1536:NZJttUdjLAQBhMUyWDwAGbbmwkXfbGMNVclN:NZJttUdjvBhMUyWDZGbbmXfY
Behavioral task: behavioral1
Sample: csrss.exe
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Default
DcRatMutex_qwqdanchun
delay: 1
install: false
install_file: csrss.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/3Z9zi18j
Targets
Async RAT payload
Legitimate hosting services abused for malware hosting/C2