General

  • Target

    kam.exe

  • Size

    6.6MB

  • Sample

    240708-dv23ksscnf

  • MD5

    a6e278e8a725750c14090f222a034bf8

  • SHA1

    e4e25334525147214ed5c83fe3c6e06f9e72981d

  • SHA256

    ab8c7950c7cf1c5d5f0f1953f725e50cc882b41dc3c934554cc03ce79b52ffce

  • SHA512

    f13b8c2da7b7191177b367fa4850a5c2e1b2b43137bfce0795977bb1c0139ac6ca1f8b6ecfc7ded323a86c831d1e3e2533a35ee86e0ff3bb8bc2d740b080674e

  • SSDEEP

    98304:pCO86/jo1hZlzb71QGQCPDbZfxz87le5BLoHLSLgj8NnJwFDDEy2nZsBJ1nCkKQg:MODLofdQmRKuErSEEJwdFvZnCkK

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

anachyyyyy.duckdns.org:7878

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT is a tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

    • Loads dropped DLL
