General

  • Target

    JaffaCakes118_425949b7d7a276e9f0f8ef29bb4f095acd84a40538cbf5141af0af3c011eb16f

  • Size

    474KB

  • Sample

    241222-xv1djawqaj

  • MD5

    12db967a541f432b16007af228cd8e1d

  • SHA1

    a421b38e7fc4d99e5f828c05442d9b62221ccca5

  • SHA256

    425949b7d7a276e9f0f8ef29bb4f095acd84a40538cbf5141af0af3c011eb16f

  • SHA512

    ab79232b706f39225e7009947f96d0ad20701d1b70267b759fdd11c44bfa37051f364803d9f15c566924842e8e25e91c3301511f43c74f5195e12e283091965e

  • SSDEEP

    12288:hMSjKClpB7xuQv17tbFHdWli2g89kWM9zbv2oNh3//C:OqB7zbFdl2g89kLBbv2ota

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

185.140.53.131:7171

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    image.exe

  • install_folder

    %AppData%

aes.plain
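The extracted config above gives everything needed for a quick triage check: the C2 socket, the install location and the file hashes of both stages. The following script is an added example and is not part of the sandbox report; it turns those fields into a host and network check. The flow records and the fake environment passed to it are constructed for illustration, and SSDEEP matching is left out because it needs the ssdeep library.

```python
"""Triage helper built from the AsyncRAT config in the report (added example).

It parses the C2 string, expands the %AppData%\\image.exe install path, hashes a
file against the two SHA256 values in the report and flags flows to the C2.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Copied from the extracted config / target table in the report.
C2 = "185.140.53.131:7171"
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FOLDER = "%AppData%"
INSTALL_FILE = "image.exe"
KNOWN_SHA256: Dict[str, str] = {
    "425949b7d7a276e9f0f8ef29bb4f095acd84a40538cbf5141af0af3c011eb16f": "AsyncRAT payload (474KB)",
    "cf3dab2a4ba21609762dff658b3b6831f2ae5976adfe0aed8f76090d30c7f1b3": "image.bin loader (808KB)",
}
ALGS = ("md5", "sha1", "sha256", "sha512")


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' into (host, port), rejecting malformed strings."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 string: {c2!r}")
    return host, int(port)


def install_path(env: Dict[str, str]) -> str:
    """Expand %VAR% tokens in the install folder using a caller-supplied
    environment (so this also works offline on non-Windows hosts)."""
    folder = INSTALL_FOLDER
    for name, value in env.items():
        folder = re.sub(re.escape(f"%{name}%"), lambda _m: value, folder, flags=re.IGNORECASE)
    return folder.rstrip("\\") + "\\" + INSTALL_FILE


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hash a buffer with every algorithm the report lists except SSDEEP."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path: str, chunk: int = 1 << 16) -> Dict[str, str]:
    """Same as hash_bytes but streamed, so large files are not read at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def classify(data: bytes) -> Optional[str]:
    """Return the report's label for a buffer, or None if the SHA256 is unknown."""
    return KNOWN_SHA256.get(hash_bytes(data)["sha256"])


# Constructed flow records (src, dst, dport); not taken from the report.
SAMPLE_FLOWS: List[Tuple[str, str, int]] = [
    ("10.0.0.5", "185.140.53.131", 7171),
    ("10.0.0.5", "93.184.216.34", 443),
    ("10.0.0.7", "185.140.53.131", 443),   # same host, other port: worth a look, not flagged
]


def flag_c2_flows(flows: List[Tuple[str, str, int]], c2: str = C2) -> List[Tuple[str, str, int]]:
    """Return flows whose destination exactly matches the configured C2."""
    host, port = parse_c2(c2)
    return [f for f in flows if f[1] == host and f[2] == port]


if __name__ == "__main__":
    print("C2:", parse_c2(C2))
    print("install path:", install_path({"APPDATA": r"C:\Users\bob\AppData\Roaming"}))
    print("mutex to look for:", MUTEX)
    print("flows to C2:", flag_c2_flows(SAMPLE_FLOWS))
```

On a live Windows host, pass `dict(os.environ)` to `install_path` and feed the result to `hash_file`; a SHA256 hit in `KNOWN_SHA256` confirms the dropped payload, while a file at that path with a different hash still deserves attention since the install name is attacker-chosen.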

Targets

    • Target

      image.bin

    • Size

      808KB

    • MD5

      ae15992ecc241654997b0e4bcfaa07b3

    • SHA1

      9ef2cb53adea59c6045a492d7b7317ecb3998373

    • SHA256

      cf3dab2a4ba21609762dff658b3b6831f2ae5976adfe0aed8f76090d30c7f1b3

    • SHA512

      7654e5a81945f357b252c51189d1ddacc941184a9800723c955a0ed3d463fc82872d31b352184886b9ae20d0b34e906892e765577d6819bcadbfba98f0145ab3

    • SSDEEP

      12288:FUDM6VWVHA/L5DnbH22qla5w/yXbxFPkWtslyfZGxrNDFhmlUv2Ju:FUDM6VWKNbH0MW/IbxQ0RK5fv2Ju

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used for process injection (for example process hollowing) to redirect a suspended thread into injected code.

MITRE ATT&CK Enterprise v15

Tasks