General
- Target: eb1a9295b13583f1d12db61027e72fa3_JaffaCakes118
- Size: 2.2MB
- Sample: 240410-p1wnjabc6z
- MD5: eb1a9295b13583f1d12db61027e72fa3
- SHA1: a44c8f2bdc54110ce7d295bb0b92a0212177dd77
- SHA256: bcbc3eac0f777f27bdacb1cdade005bf50860fded0fa39205a66f5c9560ab80e
- SHA512: f94100cd6099376120677f51ed2b8c0438302f844a54f598a9675dc5c7486e6ae30b41e12ffeae51941c17e9438f293d3de2992c0cdc6a601ffa778a273e1365
- SSDEEP: 49152:p0Wr2+2NRopvMx5qqLDp2iOzouQs6wt1rp9X/M:WwkkEx5VDOzrQs6EvNk
Static task: static1
Behavioral task: behavioral1
Sample: eb1a9295b13583f1d12db61027e72fa3_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: limerat
- aes_key: @mustleak
- antivm: false
- c2_url: https://pastebin.com/raw/c3Nu1fZy
- delay: 3
- download_payload: false
- install: true
- install_name: snchost.exe
- main_folder: AppData
- pin_spread: false
- sub_folder: \bite\
- usb_spread: true
Extracted: asyncrat
0.5.4H
extiqtrzeqtxqjoa
- delay: 0
- install: true
- install_file: scvhost.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/X37Jy9jA
Targets
- Target: eb1a9295b13583f1d12db61027e72fa3_JaffaCakes118
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2