General
Target: JaffaCakes118_425949b7d7a276e9f0f8ef29bb4f095acd84a40538cbf5141af0af3c011eb16f
Size: 474KB
Sample: 241222-xv1djawqaj
MD5: 12db967a541f432b16007af228cd8e1d
SHA1: a421b38e7fc4d99e5f828c05442d9b62221ccca5
SHA256: 425949b7d7a276e9f0f8ef29bb4f095acd84a40538cbf5141af0af3c011eb16f
SHA512: ab79232b706f39225e7009947f96d0ad20701d1b70267b759fdd11c44bfa37051f364803d9f15c566924842e8e25e91c3301511f43c74f5195e12e283091965e
SSDEEP: 12288:hMSjKClpB7xuQv17tbFHdWli2g89kWM9zbv2oNh3//C:OqB7zbFdl2g89kLBbv2ota

Static task: static1

Behavioral task: behavioral1
Sample: image.exe
Resource: win7-20240903-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
185.140.53.131:7171
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: image.exe
install_folder: %AppData%

Targets
Target: image.bin
Size: 808KB
MD5: ae15992ecc241654997b0e4bcfaa07b3
SHA1: 9ef2cb53adea59c6045a492d7b7317ecb3998373
SHA256: cf3dab2a4ba21609762dff658b3b6831f2ae5976adfe0aed8f76090d30c7f1b3
SHA512: 7654e5a81945f357b252c51189d1ddacc941184a9800723c955a0ed3d463fc82872d31b352184886b9ae20d0b34e906892e765577d6819bcadbfba98f0145ab3
SSDEEP: 12288:FUDM6VWVHA/L5DnbH22qla5w/yXbxFPkWtslyfZGxrNDFhmlUv2Ju:FUDM6VWKNbH0MW/IbxQ0RK5fv2Ju

Asyncrat family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext