General

  • Target

    JaffaCakes118_13a1264ffcc8e8ed54f849db376330ca634c3312dd1ac12e7244f6705024eaa2

  • Size

    28KB

  • MD5

    2aa07750a7efe6930bfc8ce8a9587ebe

  • SHA1

    53ff6ea7a2107db605ae65aa576c6a8660c3cf4e

  • SHA256

    13a1264ffcc8e8ed54f849db376330ca634c3312dd1ac12e7244f6705024eaa2

  • SHA512

    bdd1af1b596a79029e5326187b0465da1686c7c29561a80186ac37beca0b6be850de2f27a07136c1fad81c7d61d9b3a0f37abec26449b2453d6386849fe44b3a

  • SSDEEP

    768:zCt/kaRMSdFc2Ha25uNRppx2n/3va+9FvFdmsApvr8BcuABVpFK24YD3N:zglWgpHa25kb2n/S+9zdmsApvrkcVpvx

Malware Config

Extracted

Family

asyncrat

Version

VenomRAT_HVNC 5.0.4

Botnet

Venom Clients

C2

192.168.1.167:8080

Mutex

uJcmfciqm

Attributes
  • delay

    0

  • install

    true

  • install_file

    MicroSoftHealthTool.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_13a1264ffcc8e8ed54f849db376330ca634c3312dd1ac12e7244f6705024eaa2 (.rar)
  • Account Generator.exe (.exe windows:4 windows x86 arch:x86)

    f34d5f2d4577ed6d9ceec516c1f5a744
