Extracted

• • Target

    8649b3ac9b90053ac5af0be11e65878b_JaffaCakes118

  • Size

    201KB

  • MD5

    8649b3ac9b90053ac5af0be11e65878b

  • SHA1

    067abf2e195182fd9d69261f0076085712dad208

  • SHA256

    acdef12ec35b82f310c535d3cf08f81d60f1090a25e243772ac5086992104421

  • SHA512

    a338323ea66a858031ff043f02836686d4e1a6b196f1dea7155ad0ffe1dfa3d4c8b55476e01d93694c6361c02839bfa770bebdcc8e5cc7d0877a377eaf4c54b0

  • SSDEEP

    3072:1QbYxbEV2AyO4slPqCM4saRROeFDcTZaASvPiyolAmJuLIKXlwXAMKhot8ZCzz:1QbGb6t7QSvKpgnl8o98z

  Score

  10^/10

  asyncratbless my hands lordpersistencerat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2