General

  • Target

    81fd3e1508b299d1ead7d1edcb23f62d_JaffaCakes118

  • Size

    68KB

  • MD5

    81fd3e1508b299d1ead7d1edcb23f62d

  • SHA1

    6b1da1e345f40396e70a874804c4671a5105b093

  • SHA256

    33ffbdee3a0b1a413349f0b2ad1e6507185c89096b1590910969466da502528d

  • SHA512

    0811338fc2cc2948bc2cc5cb5d721938e05f492f7ec16060700e4258108822c83bce54d5cb15ec207d250f34791ee68aa4799355df15178e268e4aa2b9069430

  • SSDEEP

    1536:mDPVvuB3qCddd1Bmn9b9yYFgfYG2p3kf+:mDts3qYmn9b9pgfYGzm

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

v0.2

Botnet

jan30eu

C2

niceone20.cn:7201

fjuj84hgoa84gn.xyz:7201

getupdated2021win2k.cn:7201

Mutex

afgj6j3umd5uk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 81fd3e1508b299d1ead7d1edcb23f62d_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

