General

  • Target

    JaffaCakes118_6152a4dcee666627a3a45d2f2066c17c141a980b54609b676172ac214f974acb

  • Size

    23KB

  • Sample

    241221-2z4zqstkbq

  • MD5

    1d5ae8c1f6b0afee8aff36cd4e9c79f4

  • SHA1

    8ff28a372738b00efc0a477bfcb0345f3b8e8fca

  • SHA256

    6152a4dcee666627a3a45d2f2066c17c141a980b54609b676172ac214f974acb

  • SHA512

    fd235a6686ff589edcf968dc50684c81970cf07cc45907d87b1de9eff90ef6580dc5b5518f7ed4b8ee310ad727de5d434c3b70ec782e1bb5cf46df695bac723f

  • SSDEEP

    384:qzP7e6yLW5E6DZt1QtP+Ewlth832vfRbFabjxrZfzVu3N6YYvmzzWDKfjaOZQeMH:qzokdi+ETmv9F8jxrZfxS6Y5WDmWUQe0

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

7.tcp.eu.ngrok.io:12728

Mutex

whrjiouwrhjnwui

Attributes
  • delay

    1

  • install

    true

  • install_file

    MsEdge.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      80568be5a0b6b9d96b0dde9a45d9b9ae74f9cd97af8f9ae533904ff804bec8e0

    • Size

      48KB

    • MD5

      9f7d48fd36a1493b4c25131f95339bd6

    • SHA1

      d6623ce807d0c8edfaa455f978912d2dda9e83ea

    • SHA256

      80568be5a0b6b9d96b0dde9a45d9b9ae74f9cd97af8f9ae533904ff804bec8e0

    • SHA512

      169b335730e20f35cf0eff52c05c805de2dfc9f66245682bfffbce9ee34237141cc1837e5ecc8e1ca19e66dd128aa027f033161002905042b589aa1a2d86dae0

    • SSDEEP

      768:WL0aWbILWCaS+DilhwiVixzYbYge6E8vEgK/JlBVc6KN:WgaMWlhwlcbPnfnkJlBVclN

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks