General

  • Target

    8434a41cabac8f53e86d625e0d57cf38_JaffaCakes118

  • Size

    288KB

  • Sample

    240530-p38qwahc5v

  • MD5

    8434a41cabac8f53e86d625e0d57cf38

  • SHA1

    78797526055dba20f4cc04c6bc243a3db1ba666e

  • SHA256

    0f6f1b083f51dc517b4a31a678045ea62fea049a73ca10a5d6299781fb9dda2b

  • SHA512

    f296ea72764c77eb8df2a66dc5171d8ae6d6d01f874957c52490b66aea47b82a06b0e15555f6659ce1b3a42361c178fa5f9ce7e0be93f2713d73d257ff6db0b3

  • SSDEEP

    6144:nAdIZwabbJCRulwklf41FXVIFCMzYDb4hiPDTAJ0Xm2OYiJ7Q:UIiab1MulWnInzAmibNXm2V

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

julian.linkpc.net:3468

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    true

  • install_file

    dllwindomedia.exe

  • install_folder

    %AppData%

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job: T1053 (1)

Persistence

  • Scheduled Task/Job: T1053 (1)

Privilege Escalation

  • Scheduled Task/Job: T1053 (1)

Discovery

  • Query Registry: T1012 (1)

  • System Information Discovery: T1082 (2)

Tasks