General
-
Target
a6eb2e58e0c54722cb9b461980bbe9f9_JaffaCakes118
-
Size
364KB
-
Sample
240818-q8s32szanp
-
MD5
a6eb2e58e0c54722cb9b461980bbe9f9
-
SHA1
6829d0b6943afe143df61278c70dc6433ac61caf
-
SHA256
269610b6d4df5ebb6cb52f34cddc8189f80692cf1f0d060990370da5b5c02775
-
SHA512
8d0004b72994b2df83779e126f7741a23a516ae7d7a11a3887ec534b1646449e3a38f85823004f68479f00c44c73e36ad5bfe121ffd1e3c796df8a7c12da5fdd
-
SSDEEP
6144:165YmK0/RNp8LUMoKv3eF/NHBUHPGOwjDC6pnsovDt/vgIZKD5Mw1OI7jbr:3+vBGU5BUHWC6pnsilDZa2KOIPbr
Static task
static1
Behavioral task
behavioral1
Sample
URGENT QUOTATION Request.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
URGENT QUOTATION Request.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
asyncrat
0.5.7B
BLESS MY HANDS LORD
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/mQ1Zp6VA
Targets
-
-
Target
URGENT QUOTATION Request.exe
-
Size
507KB
-
MD5
8d656451390b195b7c1fcb95af2fc525
-
SHA1
e4c36699cd0ad46f38c475c7d8a1374983a30917
-
SHA256
fd2459ab88ff9a3215a3fa5d4a762617842bd7e4a5185b88b632caa7c52c7edd
-
SHA512
b40b95a0ae9e92b075fa3291542574741e771f1114375d8d61d5a71534b93ac15774291ef9e2f10e31eee8cf595de320806440cfa848784c2c83f3444988369f
-
SSDEEP
12288:d62RclE0A0O++rFUjB8HaC8pnsiRvVawcoRfOz:GpA0ORrFSBuN8pnsMs/olA
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-