General

  • Target

    875f9ae430d6a0f1a2eb62373c1b51ee_JaffaCakes118

  • Size

    234KB

  • Sample

    240531-r5w6zabg4w

  • MD5

    875f9ae430d6a0f1a2eb62373c1b51ee

  • SHA1

    4828ae6647d98d3825c6140c333f1655131d1430

  • SHA256

    d81d270973bace3b8a3c32e8fa7bec1b5a6ff7ad99cba826a69a7be33d71c5cc

  • SHA512

    da823969e473482b1a89c76b8115b278d1cb28df04b55390a06376b4f0b870d0e56fa81b936b51edb29bbf0ab9e4602681403fbc33f983ad89c07a9ae11c84fc

  • SSDEEP

    3072:4BKO4FsTD4L7dmB5PFHKoz5TnohTTy07BTsadvujAyiUmPHveMqcagHku5wg:cKg4L7A59NnQTT9zmjdoBqZg

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

myconect.ddns.net:6606

myconect.ddns.net:7707

myconect.ddns.net:2500

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      875f9ae430d6a0f1a2eb62373c1b51ee_JaffaCakes118

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082
