General
-
Target
AsyncClienddt.exe
-
Size
118KB
-
Sample
240427-bszhkaha3t
-
MD5
059ec6fbd20b0b431a48f8760e5e738e
-
SHA1
62ca3f138a540aee80657cbbfe8cd222c59f9b3c
-
SHA256
c4928f1e9bccb36765b10f9f4b4800d65f4ea91c8ceb13c6ee4500108da1a543
-
SHA512
1d7ea52ecffc2dcf7e2377e57c6d427b1f575d83d53f027950d450afa26a1a003d14f2a61cc5f5717508328d3b13d0f703c4967a725f817b258dd0720aba2c3d
-
SSDEEP
3072:pugwTcIb2VE5G3byxfHDyUWddeI63MD/AY1Jjwqy/kX2580x:pugIKB3bGyUDI63MzAYLEbkXMB
Malware Config
Extracted
asyncrat
0.5.8
Default
nGvA3OOdmtVS
-
delay
3
-
install
false
-
install_file
kami.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/8QYz2mTR
Targets
-
-
Target
AsyncClienddt.exe
-
Legitimate hosting services abused for malware hosting/C2
-