General

  • Target

    f3ff7703f0728f3c9bfa234ca341a936_JaffaCakes118

  • Size

    941KB

  • Sample

    240416-waxlgahh81

  • MD5

    f3ff7703f0728f3c9bfa234ca341a936

  • SHA1

    041acfd4a705e2b4fad0bd926d6b6d0fc955f1c2

  • SHA256

    1e3e21b3ffa1418e18b1d12e93efbe0b00eded6d5662259b433fe063e56b4d09

  • SHA512

    0089c603f0c7787659ce081e11823ec7411c799b775e14f5819ed1e23a82f7018a881cc23c8c0b13b0de0ea5a3bfd327a00673a63c84da280441604167b0287a

  • SSDEEP

    12288:lXMr7qf5z4g9OTxg4MCCNv2Ir4UJAVNAd/d3XhMEoBoRoDoyoT4dPJSXtX+b89ua:i0r4UV/d36EK64J9dPJGlt1UqD/s

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

exportmunic007.duckdns.org:6606

exportmunic007.duckdns.org:7707

exportmunic007.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      f3ff7703f0728f3c9bfa234ca341a936_JaffaCakes118

    • Size

      941KB

    • MD5

      f3ff7703f0728f3c9bfa234ca341a936

    • SHA1

      041acfd4a705e2b4fad0bd926d6b6d0fc955f1c2

    • SHA256

      1e3e21b3ffa1418e18b1d12e93efbe0b00eded6d5662259b433fe063e56b4d09

    • SHA512

      0089c603f0c7787659ce081e11823ec7411c799b775e14f5819ed1e23a82f7018a881cc23c8c0b13b0de0ea5a3bfd327a00673a63c84da280441604167b0287a

    • SSDEEP

      12288:lXMr7qf5z4g9OTxg4MCCNv2Ir4UJAVNAd/d3XhMEoBoRoDoyoT4dPJSXtX+b89ua:i0r4UV/d36EK64J9dPJGlt1UqD/s

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks