General

  • Target

    bb01cd684fa5892a7c139647c938df4a_JaffaCakes118

  • Size

    163KB

  • Sample

    240404-r3m6aabb43

  • MD5

    bb01cd684fa5892a7c139647c938df4a

  • SHA1

    c6c37897304becfcf297ac11f5070927188c01f3

  • SHA256

    951019555164f8124390be26019630c6b08a1506929c7e45f8758ea5f82a37c6

  • SHA512

    c0b3a2c154770b0af3644bf2b51f0a89e5d729aaa768504400e43b81a14e1a03e636e2ffda9838ed13633ea1965b35e3af34ad2cf58a8b6ce89d4f60819a4056

  • SSDEEP

    3072:Efi6x9579IhTOc/0i5n4HWE07OVNqwn7Lcu1AYcY:EfdIPBUWiqw7Lj1AV

Score
10/10

Targets

    • Target

      bb01cd684fa5892a7c139647c938df4a_JaffaCakes118

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
