asyncrat | JaffaCakes118_6152a4dcee666627a3a45d2f2066c17c141a980b54609b676172ac214f974acb

General

Target

JaffaCakes118_6152a4dcee666627a3a45d2f2066c17c141a980b54609b676172ac214f974acb
Size

23KB
MD5

1d5ae8c1f6b0afee8aff36cd4e9c79f4
SHA1

8ff28a372738b00efc0a477bfcb0345f3b8e8fca
SHA256

6152a4dcee666627a3a45d2f2066c17c141a980b54609b676172ac214f974acb
SHA512

fd235a6686ff589edcf968dc50684c81970cf07cc45907d87b1de9eff90ef6580dc5b5518f7ed4b8ee310ad727de5d434c3b70ec782e1bb5cf46df695bac723f
SSDEEP

384:qzP7e6yLW5E6DZt1QtP+Ewlth832vfRbFabjxrZfzVu3N6YYvmzzWDKfjaOZQeMH:qzokdi+ETmv9F8jxrZfxS6Y5WDmWUQe0

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

7.tcp.eu.ngrok.io:12728

Mutex

whrjiouwrhjnwui

Attributes

delay
1
install
true
install_file
MsEdge.exe
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/80568be5a0b6b9d96b0dde9a45d9b9ae74f9cd97af8f9ae533904ff804bec8e0	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/80568be5a0b6b9d96b0dde9a45d9b9ae74f9cd97af8f9ae533904ff804bec8e0

Files

JaffaCakes118_6152a4dcee666627a3a45d2f2066c17c141a980b54609b676172ac214f974acb
.zip

Password: infected
80568be5a0b6b9d96b0dde9a45d9b9ae74f9cd97af8f9ae533904ff804bec8e0
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B