General

  • Target

    JaffaCakes118_39028e30633ad28ac9f8d1a1f30adc3d0c351e96772f96ceb58690abff0d2736

  • Size

    78KB

  • Sample

    241223-xh78lsxpfn

  • MD5

    30a5f6dae13e79e127b2a0737de8d5bc

  • SHA1

    524ddee1582fbee848bef8bbe8505e508ed057dd

  • SHA256

    39028e30633ad28ac9f8d1a1f30adc3d0c351e96772f96ceb58690abff0d2736

  • SHA512

    30e88827da52fcd4baebcbe90348563b629688b0bd51bb768fc4fd88efc81f733db08ff835579de2ca201dbcba68a0a8444f3935a64772f61ba3df50539840d8

  • SSDEEP

    1536:6QL/XdzJbn/6WvkIaDr7SX0jyxNcgjR3w1SDut2DFfe:64TbiWvUWWINc3SjBfe

Malware Config

Extracted

Family

asyncrat

Version

0.0.1

Botnet

Default

C2

bigdaddy-service.biz:6606

bigdaddy-service.biz:7707

bigdaddy-service.biz:8808

https://api.telegram.org/bot1887752763:AAEFHUQhXilkF7u0X0Uqs-Po7aZUCtVrohg/sendMessage?chat_id=1096425866

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec

    • Size

      167KB

    • MD5

      2494ddf095f3ad52f3ce518c45e37815

    • SHA1

      fef7060001121af7720efc877adb57b3a0770e6c

    • SHA256

      bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec

    • SHA512

      6b1f703c94dcb3b5d33f303dd18c633863f846beb51ce06c574a0030ba7d8e90d71b76893fcf71947186e53567fa8ba9c54cccdce8453610b93df31dad992bf8

    • SSDEEP

      3072:Kiuo2wrg+t38kRKQ9pgEvGW2e861u/s9b2JtD1wZp+Wp+WIrk:Cwg+t3DgEvTV91Ss9bY7KdIr

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks