General

  • Target

    f436f06e1b7e1d1e6f795ca10086a5e9_JaffaCakes118

  • Size

    169KB

  • Sample

    240416-ynfk8acf6v

  • MD5

    f436f06e1b7e1d1e6f795ca10086a5e9

  • SHA1

    5e0509d677c0d0b0701d9ce1c30199023b755855

  • SHA256

    d82786dd43e20aea1972646855e9714d053e86bd41cb5d8767ff038c52cce68f

  • SHA512

    1a93c4ba9e65cf9f050d73692022575dc54055417fc9294fb9e3e67dedc0f4e2717eb566a8507380b4498e0e44fb4a42fd0fec07a5940a9f7812c92710f6e1ad

  • SSDEEP

    3072:KGl+abcB/MEaX3Lgr0WsWt6rW4l248V3FMrF4MNaa:flBb/bZicCVdKrL

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

info07.ddns.net:1177

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Drops startup file

    • Suspicious use of SetThreadContext
