Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
19-04-2024 00:06
General
-
Target
f90ddbf1ad88d7efdc2ec8b4080299fe_JaffaCakes118.exe
-
Size
247KB
-
MD5
f90ddbf1ad88d7efdc2ec8b4080299fe
-
SHA1
8728045f93ee455d439532914acec61b78f37fd9
-
SHA256
2459b003341abf397c431214431544d7403abaa0ffb3651f6577857646c20d5c
-
SHA512
c40a3c99a7e8efbdc81edb35e6c979d850a149102b538e86d2e4351f3cfd4f12412035a7279025728e3bb00086fb9eaa59b87f866b845b035df071215f222f6c
-
SSDEEP
3072:FydQJkVIb71sRaEYLUfh5+u/0a2HBrvyIBfn8+ux221Hl:dJk071Sacfh5+CJK+
Score
10/10
Malware Config
Extracted
Family
asyncrat
Version
0.5.7B
Botnet
Default
C2
127.0.0.1:6606
127.0.0.1:7707
Mutex
AsyncMutex_6SI8OkPnk
Attributes
-
delay
3
-
install
false
-
install_file
Test.exe
-
install_folder
%AppData%
aes.plain
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Async RAT payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f90ddbf1ad88d7efdc2ec8b4080299fe_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f90ddbf1ad88d7efdc2ec8b4080299fe_JaffaCakes118.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/5096-0-0x0000000000E10000-0x0000000000E54000-memory.dmpFilesize
272KB
-
memory/5096-1-0x0000000002EC0000-0x0000000002ED2000-memory.dmpFilesize
72KB
-
memory/5096-2-0x00007FF887250000-0x00007FF887D11000-memory.dmpFilesize
10.8MB
-
memory/5096-3-0x000000001BA80000-0x000000001BA90000-memory.dmpFilesize
64KB
-
memory/5096-4-0x00007FF887250000-0x00007FF887D11000-memory.dmpFilesize
10.8MB
-
memory/5096-5-0x000000001BA80000-0x000000001BA90000-memory.dmpFilesize
64KB