General
-
Target
f3ff7703f0728f3c9bfa234ca341a936_JaffaCakes118
-
Size
941KB
-
Sample
240416-waxlgahh81
-
MD5
f3ff7703f0728f3c9bfa234ca341a936
-
SHA1
041acfd4a705e2b4fad0bd926d6b6d0fc955f1c2
-
SHA256
1e3e21b3ffa1418e18b1d12e93efbe0b00eded6d5662259b433fe063e56b4d09
-
SHA512
0089c603f0c7787659ce081e11823ec7411c799b775e14f5819ed1e23a82f7018a881cc23c8c0b13b0de0ea5a3bfd327a00673a63c84da280441604167b0287a
-
SSDEEP
12288:lXMr7qf5z4g9OTxg4MCCNv2Ir4UJAVNAd/d3XhMEoBoRoDoyoT4dPJSXtX+b89ua:i0r4UV/d36EK64J9dPJGlt1UqD/s
Static task
static1
Behavioral task
behavioral1
Sample
f3ff7703f0728f3c9bfa234ca341a936_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
exportmunic007.duckdns.org:6606
exportmunic007.duckdns.org:7707
exportmunic007.duckdns.org:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
f3ff7703f0728f3c9bfa234ca341a936_JaffaCakes118
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-