General

  • Target

    adb3eb6b7d80dcd872e093cece6ff545_JaffaCakes118

  • Size

    428KB

  • Sample

    240615-k6rjjsvfje

  • MD5

    adb3eb6b7d80dcd872e093cece6ff545

  • SHA1

    7484932e1c62e21bda915f66ebed82642e7b11e6

  • SHA256

    fcd4c130e8f5644b298e9da60aa513a402f3f7cef8d836c9b40f65b57e456c65

  • SHA512

    ab236bfdca28331a3432755aa7622068ef98e5e29bb20a6540b8e9a6455c5c8519cd66bbaa119eccd6a26e9039bdb96bb1c72052772d4dc1265a766ae48529c2

  • SSDEEP

    6144:0xZQYI7LLi7V/ow/Z5EfUHp1ZlAIqZqxJ2O312ogLXax:SKXihh/jEfUHp1ZmIrJx12TX

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    127.0.0.1:6606

    127.0.0.1:7707

    79.134.225.92:6606

    79.134.225.92:7707

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    delay: 3

    install: false

    install_folder: %AppData%

  • aes.plain

Targets

    • Target

      adb3eb6b7d80dcd872e093cece6ff545_JaffaCakes118

    • Size

      428KB

    • MD5

      adb3eb6b7d80dcd872e093cece6ff545

    • SHA1

      7484932e1c62e21bda915f66ebed82642e7b11e6

    • SHA256

      fcd4c130e8f5644b298e9da60aa513a402f3f7cef8d836c9b40f65b57e456c65

    • SHA512

      ab236bfdca28331a3432755aa7622068ef98e5e29bb20a6540b8e9a6455c5c8519cd66bbaa119eccd6a26e9039bdb96bb1c72052772d4dc1265a766ae48529c2

    • SSDEEP

      6144:0xZQYI7LLi7V/ow/Z5EfUHp1ZlAIqZqxJ2O312ogLXax:SKXihh/jEfUHp1ZmIrJx12TX

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)

    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)

    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

Tasks