General
Target: fa81aab0bc348b79744852e65e2043df_JaffaCakes118
Size: 1.1MB
Sample: 240419-rvzt4seg29
MD5: fa81aab0bc348b79744852e65e2043df
SHA1: fa65b1b8b689a41822d84a588d17226ca233564c
SHA256: 1137a722df5bf7b96cdbf121282b328f429b895aa60f8a0caf120177303e1299
SHA512: b01fd9cf2ae7964d4bead4197cf3bf8a77900ff7d2ce6fe9397a81e4a3988a88e9cc07fe121c696cc855a61944aac5e3b10289579307fd51006e324b2737b374
SSDEEP: 24576:NdeAPk5uFFgUBEGobZE1yeIeZPoVWwO2ha1:XeekuFFHEGobq1RJZPoVWdv
Static task: static1
Behavioral task: behavioral1
Sample: fa81aab0bc348b79744852e65e2043df_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Extracted: asyncrat 0.5.7B
Default
51.143.89.185:8080
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: 2e31a76-d46e-4625-bee5-4fb923fc49f5.exe
install_folder: %Temp%
Targets
Target: fa81aab0bc348b79744852e65e2043df_JaffaCakes118
- Async RAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.