General

  • Target

    f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881_JaffaCakes118

  • Size

    48KB

  • Sample

    240416-faesnahf26

  • MD5

    72c92867a167a76dd1652c51540d3921

  • SHA1

    caeb7ab88b4e89e4c9e0282b26478775a5f74068

  • SHA256

    f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881

  • SHA512

    8ff65a704f82d33865f14966f718e4241e6c8663e7fd83deacae04c00380307bf98e39a2bbb16c1978db1a6f2dcc656b4d9a7fbe55a8891e481c28f6c6ef5672

  • SSDEEP

    768:BuwpFTAY3IQWUe9jqmo2qLtUhwjxJXnPIcCfK7PzW0bSbRoHai5PmrSjTBDZd2+:BuwpFTA4/21hwfQcCfKhbURo6MPmrSjh

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

yy.webhop.me:6606

yy.webhop.me:7707

yy.webhop.me:8808

Mutex

3gEnVemFcrcp

Attributes
  • delay

    3

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881_JaffaCakes118

    • Size

      48KB

    • MD5

      72c92867a167a76dd1652c51540d3921

    • SHA1

      caeb7ab88b4e89e4c9e0282b26478775a5f74068

    • SHA256

      f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881

    • SHA512

      8ff65a704f82d33865f14966f718e4241e6c8663e7fd83deacae04c00380307bf98e39a2bbb16c1978db1a6f2dcc656b4d9a7fbe55a8891e481c28f6c6ef5672

    • SSDEEP

      768:BuwpFTAY3IQWUe9jqmo2qLtUhwjxJXnPIcCfK7PzW0bSbRoHai5PmrSjTBDZd2+:BuwpFTA4/21hwfQcCfKhbURo6MPmrSjh

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks