Extracted

• • Target

    92077215e723b003502dff2ac974dc43_JaffaCakes118

  • Size

    4.2MB

  • MD5

    92077215e723b003502dff2ac974dc43

  • SHA1

    775b63a3c020c9aead9addb32776beb26704884a

  • SHA256

    d5d023c6add2232b9ca0bce13e7b813e9240803feb084d2a8f1d504d96b85a6e

  • SHA512

    14880d120b50b9ebfd1f08716802d37ba3021655094799cfa98d763f1b91928a137b46eca6b5df5497f4088b19bde546592429037c533756a708220c47aed764

  • SSDEEP

    98304:yJCbuSMburCaMZh0yEKj+WRvrY1dcZ048HV/bFy8jJ7D:MmMbuQZlFY7KsZPN

  Score

  10^/10

  asyncratoskidefaultinfostealerpersistencerat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2