General
Target: aaa.exe
Size: 149KB
Sample: 241017-y4yrqsxdnm
MD5: 3d2739b6db356076ff403d1894488e0a
SHA1: 9a5b9a171c84022a295617f0abe0a28d4cbf1490
SHA256: 530fb8b9a65df5bf633a5dc8d71bd88e60467a57f7579e8c8507c28bf20ac146
SHA512: e8fe7979f61ae37dc806b57525692a8fed62ee21bbe797a994f99718b5424d476af3a57c50f1dff7fecc111a9323c2601a5885ed08a9fbf8e0f6479f3b3d0242
SSDEEP: 3072:V5KFwkerGanuj1Geh+zg0oF/k4wFdbPXVXQyvHTeaoFU:V5qwLGauj1/yg3adbPXVXQyvX
Static task: static1
Behavioral task: behavioral1
Sample: aaa.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: aaa.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
asyncrat
0.5.8
Default
4bRCHiUOS9Sw
delay: 3
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/sXFJs1iM
Targets
Target: aaa.exe
Score: 10/10
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext