General
- Target: f9235b9b51702c123e3b6c8c7dafaad1_JaffaCakes118
- Size: 312KB
- Sample: 240419-a7hypacg3y
- MD5: f9235b9b51702c123e3b6c8c7dafaad1
- SHA1: 9e5867039896c5d1e5f06185dc0eeb9d4a53ac5a
- SHA256: 5f2ff12584a99c9720d27bf219ec4691f80ea258d71e391ca28f4590f360a775
- SHA512: a21857672861bbaff86a5cedb9cc04df4f05a9a948135336849b6d8f2112da85de2a0b71de7e75dad7ddc66b4a80dfb53094ea91650f2e2ba96b9db13f77ba0b
- SSDEEP: 6144:wBlL/cYcRhkSQU1DHVOnYBYJal4j9Rz/7R/Ug5X1tZaDTcoe:CelhMtYBYsWjLz/9vtUTcT
Static task
- static1

Behavioral task behavioral1
- Sample: f9235b9b51702c123e3b6c8c7dafaad1_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task behavioral2
- Sample: f9235b9b51702c123e3b6c8c7dafaad1_JaffaCakes118.exe
- Resource: win10v2004-20240412-en

Behavioral task behavioral3
- Sample: $PLUGINSDIR/vzjtdshtcu.dll
- Resource: win7-20240221-en

Behavioral task behavioral4
- Sample: $PLUGINSDIR/vzjtdshtcu.dll
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: tinrinrin.kozow.com:9091
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: true
- install_file: Edge.exe
- install_folder: %AppData%
Targets

Target: f9235b9b51702c123e3b6c8c7dafaad1_JaffaCakes118
- Size: 312KB
- MD5: f9235b9b51702c123e3b6c8c7dafaad1
- SHA1: 9e5867039896c5d1e5f06185dc0eeb9d4a53ac5a
- SHA256: 5f2ff12584a99c9720d27bf219ec4691f80ea258d71e391ca28f4590f360a775
- SHA512: a21857672861bbaff86a5cedb9cc04df4f05a9a948135336849b6d8f2112da85de2a0b71de7e75dad7ddc66b4a80dfb53094ea91650f2e2ba96b9db13f77ba0b
- SSDEEP: 6144:wBlL/cYcRhkSQU1DHVOnYBYJal4j9Rz/7R/Ug5X1tZaDTcoe:CelhMtYBYsWjLz/9vtUTcT

Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/vzjtdshtcu.dll
- Size: 29KB
- MD5: 433747be519bda968dfcb35f6970fa5b
- SHA1: faaea3969400d0302544ad4fd9cb031b7637936f
- SHA256: 5d362cfb794eebda011289c7ffaf328b9537e87dca13e79d60508773b538f6c6
- SHA512: 6a97c1f265546f71910bad5465c767314ed97e2246363e25077471db1a5cfdd92a56b1da02e8620775fdbc8a231636f147c6e66c781b38f03fe05b3da256530a
- SSDEEP: 768:M2TzWszi/+6IQBM9x22OgNDiSn1n4RT1:MmnzvPQBM9x2ZSnKR

Signatures
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext