General

  • Target

    csrss.exe

  • Size

    63KB

  • Sample

    230314-v8c42sgh22

  • MD5

    afe5f2a8cc29794895b73355989ae460

  • SHA1

    a8d946b49542d860f1795b90bd6720c667bed85f

  • SHA256

    1736967da961b9d7d4111bb47d5db3f4a4ce80a6c26a5b59fa586a3eab86bb26

  • SHA512

    cb02b4e5866d085bec3b3f398c8b194bf4b1cdfb5d04b3b323e7d521cae579e66634eef63830e7886c2746fb9cb51ceaf023e26f6d4caadb1cc8570eeba1570d

  • SSDEEP

    1536:NZJttUdjLAQBhMUyWDwAGbbmwkXfbGMNVclN:NZJttUdjvBhMUyWDZGbbmXfY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_file

    csrss.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/3Z9zi18j

aes.plain

Targets

    • Target

      csrss.exe

    • Size

      63KB

    • MD5

      afe5f2a8cc29794895b73355989ae460

    • SHA1

      a8d946b49542d860f1795b90bd6720c667bed85f

    • SHA256

      1736967da961b9d7d4111bb47d5db3f4a4ce80a6c26a5b59fa586a3eab86bb26

    • SHA512

      cb02b4e5866d085bec3b3f398c8b194bf4b1cdfb5d04b3b323e7d521cae579e66634eef63830e7886c2746fb9cb51ceaf023e26f6d4caadb1cc8570eeba1570d

    • SSDEEP

      1536:NZJttUdjLAQBhMUyWDwAGbbmwkXfbGMNVclN:NZJttUdjvBhMUyWDZGbbmXfY

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks