General
-
Target
875f9ae430d6a0f1a2eb62373c1b51ee_JaffaCakes118
-
Size
234KB
-
Sample
240531-r5w6zabg4w
-
MD5
875f9ae430d6a0f1a2eb62373c1b51ee
-
SHA1
4828ae6647d98d3825c6140c333f1655131d1430
-
SHA256
d81d270973bace3b8a3c32e8fa7bec1b5a6ff7ad99cba826a69a7be33d71c5cc
-
SHA512
da823969e473482b1a89c76b8115b278d1cb28df04b55390a06376b4f0b870d0e56fa81b936b51edb29bbf0ab9e4602681403fbc33f983ad89c07a9ae11c84fc
-
SSDEEP
3072:4BKO4FsTD4L7dmB5PFHKoz5TnohTTy07BTsadvujAyiUmPHveMqcagHku5wg:cKg4L7A59NnQTT9zmjdoBqZg
Static task
static1
Behavioral task
behavioral1
Sample
875f9ae430d6a0f1a2eb62373c1b51ee_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
myconect.ddns.net:6606
myconect.ddns.net:7707
myconect.ddns.net:2500
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
875f9ae430d6a0f1a2eb62373c1b51ee_JaffaCakes118
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-