General
- Target: f416472d1563ba7e9b2f5cf413fbb401_JaffaCakes118
- Size: 942B
- Sample: 240416-xajv2she67
- MD5: f416472d1563ba7e9b2f5cf413fbb401
- SHA1: 427f0437f9344961762ed4b62e23f42157acd293
- SHA256: 468aba9edc308297fee3c6d886905e3920312dfe6566f475cb278d5a23831b5d
- SHA512: 7c64dcf5ed197121b43675fac76775140b107b243607363cecc28ad79d0494cc31aff066589a94f5a4399c6e9d0aa98320cb244122037fc8a36fa327d2c23f45
Static task: static1
Behavioral task: behavioral1
- Sample: f416472d1563ba7e9b2f5cf413fbb401_JaffaCakes118.vbs
- Resource: win7-20240221-en
Malware Config
Extracted
- URL: https://ia801402.us.archive.org/0/items/taiwan_server_3245676897809/taiwan_server_3245676897809.txt
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: a0979283148.ddns.net:1604
- C2: a0979283148.ddns.net:1605
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: f416472d1563ba7e9b2f5cf413fbb401_JaffaCakes118
- Size: 942B
- MD5: f416472d1563ba7e9b2f5cf413fbb401
- SHA1: 427f0437f9344961762ed4b62e23f42157acd293
- SHA256: 468aba9edc308297fee3c6d886905e3920312dfe6566f475cb278d5a23831b5d
- SHA512: 7c64dcf5ed197121b43675fac76775140b107b243607363cecc28ad79d0494cc31aff066589a94f5a4399c6e9d0aa98320cb244122037fc8a36fa327d2c23f45
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext