General

  • Target

    7a35a309c9ef114088052f1d36e573ab_JaffaCakes118

  • Size

    496KB

  • Sample

    240527-xwes8aef4t

  • MD5

    7a35a309c9ef114088052f1d36e573ab

  • SHA1

    8f3016cc7e0d1af1441a6dfdcdda6e26f4fd48a0

  • SHA256

    3b864940f74accb3097f2c6c979295c3a5f65af79cd0408f80869f82917b1627

  • SHA512

    0de03f9996d85ec16ee54a5e2b6b1241401795176d88fbff20dd6e31d0aacd22bfa928394025090503a22277748b99439e982fc6add0491773065d5dbbd1758e

  • SSDEEP

    12288:oePmhVF1qp2qsGhMsY2v9eywBzb9ZdEICLVRWa:sVF1bqlhMs5v6B/dEICLzWa

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Xxxu7

C2

185.250.204.245:6606

185.250.204.245:7707

185.250.204.245:8808

Mutex

8SI8OkPnk

Attributes
  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      7a35a309c9ef114088052f1d36e573ab_JaffaCakes118

    • Size

      496KB

    • MD5

      7a35a309c9ef114088052f1d36e573ab

    • SHA1

      8f3016cc7e0d1af1441a6dfdcdda6e26f4fd48a0

    • SHA256

      3b864940f74accb3097f2c6c979295c3a5f65af79cd0408f80869f82917b1627

    • SHA512

      0de03f9996d85ec16ee54a5e2b6b1241401795176d88fbff20dd6e31d0aacd22bfa928394025090503a22277748b99439e982fc6add0491773065d5dbbd1758e

    • SSDEEP

      12288:oePmhVF1qp2qsGhMsY2v9eywBzb9ZdEICLVRWa:sVF1bqlhMs5v6B/dEICLzWa

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks