General

  • Target

    JaffaCakes118_4b25983cafa6eedf5235cf0cf57f7d63ac1e1a62bdadcae3c3a0264da3dfa393

  • Size

    289KB

  • Sample

    241222-nmnv4awrcn

  • MD5

    beafc2705866d8ff18bde1f67c5f7ff4

  • SHA1

    7064973634124c93e45f54bffb5fca1da6fff0d3

  • SHA256

    4b25983cafa6eedf5235cf0cf57f7d63ac1e1a62bdadcae3c3a0264da3dfa393

  • SHA512

    f05eaa7e3de93f4a5a6e0f136e4f5601f4e7761cbb59609d0bade1f8fb142ad98a8c6fb557f2e1317a369d6722219772c6f901cb085f9b7fb3413b6a0673d465

  • SSDEEP

    3072:IJKb53DCw8R4yMfMJJzD3Q3ApFTbQI8Iv1vZoZWdW:IEb5Rd1WJzD3Q3ApFTMIUZWdW

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

smartvodafone.duckdns.org:5002

smartvodafone.duckdns.org:5000

smartvodafone.duckdns.org:5001

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      JaffaCakes118_4b25983cafa6eedf5235cf0cf57f7d63ac1e1a62bdadcae3c3a0264da3dfa393

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks