General
Target: kam.exe
Size: 760KB
Sample: 240616-jw1tsszcnp
MD5: 28757e3a39258506c96ec68e8c67da9b
SHA1: 932f54d3dbed61e60b923eb842f3452df2aa10af
SHA256: d4a0b8345dc0ecb03f2fae12c101019c7777a8d9eff66cc6bb8bc48086e44537
SHA512: 075195f2f04ebb5999547a87c082902b4f3bb47749c97a618b395091dc317b6c692ad05f28cdefa8aee6c4decf9969c056a9b756988ee21141029ad871b0f962
SSDEEP: 12288:SgGB4Pa2gx3K9Tdsei7ckak3mywu+XxvewTTzXsS6rhuPNlyAcI1KSUJGC1wJD:SgGB4Pa2uYTK7CVXx5TsTqlye/D
Static task: static1
Behavioral task: behavioral1
Sample: kam.exe
Resource: win7-20240220-en
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: ghdsasync.duckdns.org:8797
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: kam.exe
Size: 760KB
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL