General
-
Target
f9aa0da1d22e2f553aff22b60c476c02_JaffaCakes118
-
Size
1.2MB
-
Sample
240419-gvt9hsbf5s
-
MD5
f9aa0da1d22e2f553aff22b60c476c02
-
SHA1
f6b0dda01b9dfb7f9f3f3a66f7abd11732fd4245
-
SHA256
5d58c5fa7aa0f5a8c4d2448b0f5fbb8ffb835228bcb3e4b6fa53f5593a2166bb
-
SHA512
3f154886792410939abd6049b66383e630b668a8fe95ac94d43be70762e6e35500e3f8602e871c1bfaad1d790b2fae0922cf33ae6f3e15fe35b3173cb60cb2d6
-
SSDEEP
24576:TKNqwYdkExzhH2bZTrLrr64D9mwRGPoN7vdiTbnFMu/dvv:TBBxzhGTrLzD9m/PoiM
Static task
static1
Behavioral task
behavioral1
Sample
f9aa0da1d22e2f553aff22b60c476c02_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
maximumthousands.ddns.net:7707
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
Target
f9aa0da1d22e2f553aff22b60c476c02_JaffaCakes118
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-