General

  • Target

    97496d9ff3660d5c31953cde3817bd60_JaffaCakes118

  • Size

    31KB

  • Sample

    240605-f3zcrsgb97

  • MD5

    97496d9ff3660d5c31953cde3817bd60

  • SHA1

    3470a1d91799c86c25016920fcb8055bbd47ac5f

  • SHA256

    d130880518914a29e0f9d01c2de9742284de894b8c40916528f5b7933fe0526d

  • SHA512

    4d162fc4ae03e394083fb3dc6dacc12ec6d35d7219e8a744af6b3550f8097bb7405c1b4f1c8f708f87b2d4fa848981c7b3a4b017c91f16eaa81e359819ab929b

  • SSDEEP

    192:flfYb7FK9Et8Dw52xXmZlgQKAokw8/8NESzlLAeZzxoix4YdH4ho9kcyjt+Xe/JH:fZY1axWlg7kh0tz9Uo4YdLzXNDgf2hg3

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

New103

C2

185.165.153.140:8808

Mutex

New1mutex

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      97496d9ff3660d5c31953cde3817bd60_JaffaCakes118

    • Size

      31KB

    • MD5

      97496d9ff3660d5c31953cde3817bd60

    • SHA1

      3470a1d91799c86c25016920fcb8055bbd47ac5f

    • SHA256

      d130880518914a29e0f9d01c2de9742284de894b8c40916528f5b7933fe0526d

    • SHA512

      4d162fc4ae03e394083fb3dc6dacc12ec6d35d7219e8a744af6b3550f8097bb7405c1b4f1c8f708f87b2d4fa848981c7b3a4b017c91f16eaa81e359819ab929b

    • SSDEEP

      192:flfYb7FK9Et8Dw52xXmZlgQKAokw8/8NESzlLAeZzxoix4YdH4ho9kcyjt+Xe/JH:fZY1axWlg7kh0tz9Uo4YdLzXNDgf2hg3

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks