General

  • Target

    f416472d1563ba7e9b2f5cf413fbb401_JaffaCakes118

  • Size

    942B

  • Sample

    240416-xajv2she67

  • MD5

    f416472d1563ba7e9b2f5cf413fbb401

  • SHA1

    427f0437f9344961762ed4b62e23f42157acd293

  • SHA256

    468aba9edc308297fee3c6d886905e3920312dfe6566f475cb278d5a23831b5d

  • SHA512

    7c64dcf5ed197121b43675fac76775140b107b243607363cecc28ad79d0494cc31aff066589a94f5a4399c6e9d0aa98320cb244122037fc8a36fa327d2c23f45

Score
10/10

Malware Config

Extracted

Language

ps1

Deobfuscated URLs

exe.dropper

https://ia801402.us.archive.org/0/items/taiwan_server_3245676897809/taiwan_server_3245676897809.txt

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

a0979283148.ddns.net:1604

a0979283148.ddns.net:1605

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      f416472d1563ba7e9b2f5cf413fbb401_JaffaCakes118

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks