General

Target: f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881_JaffaCakes118
Size: 48KB
Sample: 240416-faesnahf26
MD5: 72c92867a167a76dd1652c51540d3921
SHA1: caeb7ab88b4e89e4c9e0282b26478775a5f74068
SHA256: f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881
SHA512: 8ff65a704f82d33865f14966f718e4241e6c8663e7fd83deacae04c00380307bf98e39a2bbb16c1978db1a6f2dcc656b4d9a7fbe55a8891e481c28f6c6ef5672
SSDEEP: 768:BuwpFTAY3IQWUe9jqmo2qLtUhwjxJXnPIcCfK7PzW0bSbRoHai5PmrSjTBDZd2+:BuwpFTA4/21hwfQcCfKhbURo6MPmrSjh
Behavioral task: behavioral1

Sample: f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted:
asyncrat
0.5.8
Default
yy.webhop.me:6606
yy.webhop.me:7707
yy.webhop.me:8808
3gEnVemFcrcp
delay: 3
install: true
install_file: svchost.exe
install_folder: %AppData%
Targets

Target: f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881_JaffaCakes118
Size: 48KB
MD5: 72c92867a167a76dd1652c51540d3921
SHA1: caeb7ab88b4e89e4c9e0282b26478775a5f74068
SHA256: f2b63f92ce68836d5f33b8136c8dae7344944a099884e2aad0726e5abdd3f881
SHA512: 8ff65a704f82d33865f14966f718e4241e6c8663e7fd83deacae04c00380307bf98e39a2bbb16c1978db1a6f2dcc656b4d9a7fbe55a8891e481c28f6c6ef5672
SSDEEP: 768:BuwpFTAY3IQWUe9jqmo2qLtUhwjxJXnPIcCfK7PzW0bSbRoHai5PmrSjTBDZd2+:BuwpFTA4/21hwfQcCfKhbURo6MPmrSjh

- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL