General
-
Target
8434a41cabac8f53e86d625e0d57cf38_JaffaCakes118
-
Size
288KB
-
Sample
240530-p38qwahc5v
-
MD5
8434a41cabac8f53e86d625e0d57cf38
-
SHA1
78797526055dba20f4cc04c6bc243a3db1ba666e
-
SHA256
0f6f1b083f51dc517b4a31a678045ea62fea049a73ca10a5d6299781fb9dda2b
-
SHA512
f296ea72764c77eb8df2a66dc5171d8ae6d6d01f874957c52490b66aea47b82a06b0e15555f6659ce1b3a42361c178fa5f9ce7e0be93f2713d73d257ff6db0b3
-
SSDEEP
6144:nAdIZwabbJCRulwklf41FXVIFCMzYDb4hiPDTAJ0Xm2OYiJ7Q:UIiab1MulWnInzAmibNXm2V
Static task
static1
Behavioral task
behavioral1
Sample
8434a41cabac8f53e86d625e0d57cf38_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
julian.linkpc.net:3468
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
dllwindomedia.exe
-
install_folder
%AppData%
Targets
-
-
Target
8434a41cabac8f53e86d625e0d57cf38_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-