Malware Analysis Report

2025-04-13 12:32

Sample ID 240406-kdcjxsed2s
Target e012e871a15695612515d1578be49d83_JaffaCakes118
SHA256 ea7d9e9b846e07ee0e1fbfde3d125cc51ee11b4a361cdae630738f59f8acd2c6
Tags: asyncrat, rat

Score: 10/10


Analysis Overview

Score: 10/10

SHA256

ea7d9e9b846e07ee0e1fbfde3d125cc51ee11b4a361cdae630738f59f8acd2c6

Threat Level: Known bad

The file e012e871a15695612515d1578be49d83_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

asyncrat rat

AsyncRat

Async RAT payload

Enumerates physical storage devices

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 08:28

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 08:28

Reported

2024-04-06 08:31

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe"

Signatures

AsyncRat (tags: rat, asyncrat)

Async RAT payload (tags: rat)

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe"

Network

Country | Destination       | Domain                      | Proto
US      | 8.8.8.8:53        | 104.219.191.52.in-addr.arpa | udp
US      | 8.8.8.8:53        | 81.171.91.138.in-addr.arpa  | udp
US      | 8.8.8.8:53        | 0.205.248.87.in-addr.arpa   | udp
US      | 8.8.8.8:53        | 140.32.126.40.in-addr.arpa  | udp
US      | 8.8.8.8:53        | 241.150.49.20.in-addr.arpa  | udp
US      | 8.8.8.8:53        | 183.59.114.20.in-addr.arpa  | udp
US      | 8.8.8.8:53        | 56.126.166.20.in-addr.arpa  | udp
US      | 8.8.8.8:53        | 240.221.184.93.in-addr.arpa | udp
US      | 8.8.8.8:53        | 0.204.248.87.in-addr.arpa   | udp
US      | 52.111.229.19:443 | -                           | tcp
US      | 8.8.8.8:53        | 173.178.17.96.in-addr.arpa  | udp
US      | 8.8.8.8:53        | 48.229.111.52.in-addr.arpa  | udp
US      | 8.8.8.8:53        | -                           | udp

Files

memory/3496-0-0x0000000000880000-0x00000000008A8000-memory.dmp

memory/3496-1-0x00007FFF99D20000-0x00007FFF9A7E1000-memory.dmp

memory/3496-2-0x0000000001310000-0x0000000001324000-memory.dmp

C:\ProgramData\malmustafa

MD5 60fb86cc7b5b521e5a63d31e503df61a
SHA1 1c7d52533038a25c690561844657b92ab2817de5
SHA256 8d098354ee9c5d508db21549519c3ef87b07e96fba92e62035f9f60874974e19
SHA512 1508e87931c0c8d89aef0b2e7db3baa6d6b614e5c1a6012f8e4802d069060022cce3e5a25b049ba39a604d3695a7ce425fa5f5777a3956549ddb7e51a70f385e

memory/3496-30-0x00007FFF99D20000-0x00007FFF9A7E1000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 08:28

Reported

2024-04-06 08:31

Platform

win7-20240221-en

Max time kernel

119s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe"

Network

N/A

Files

memory/2688-0-0x0000000001370000-0x0000000001398000-memory.dmp

memory/2688-1-0x000007FEF5240000-0x000007FEF5C2C000-memory.dmp

memory/2688-2-0x00000000006B0000-0x00000000006C4000-memory.dmp

memory/2688-5-0x000007FEF5240000-0x000007FEF5C2C000-memory.dmp