General
-
Target
JaffaCakes118_3aa48400e3e1c4445de1af0ad00e98a503e6606eb979e0e546278f22bf0fb2cd
-
Size
72KB
-
Sample
241224-dfyfvazraq
-
MD5
83e4f77cae137c7bff6a24007930ea56
-
SHA1
45139cb5e3d5dfde3a190481623a66cb6716e1af
-
SHA256
3aa48400e3e1c4445de1af0ad00e98a503e6606eb979e0e546278f22bf0fb2cd
-
SHA512
a57d5d62a74a6d948db770f51497985b170c761f8c7ad849c9e6d8de902def26f1e8cc7c56498fb1f9c71cc84cc6b5fca5a12c703a35cb16c0cff48eb90b315c
-
SSDEEP
1536:EoD1Mth9MRwaeb4hSFqmOoy8grJKmVcl:EoD1MthMwaeb4G4ocNK8Y
Behavioral task
behavioral1
Sample
JaffaCakes118_3aa48400e3e1c4445de1af0ad00e98a503e6606eb979e0e546278f22bf0fb2cd.exe
Resource
win7-20240903-en
Malware Config
Extracted
asyncrat
0.5.6D
Default
milla.publicvm.com:6606
milla.publicvm.com:7707
milla.publicvm.com:8808
sdjacffkienmtfsm
-
delay
9
-
install
true
-
install_file
firfafox.exe
-
install_folder
%AppData%
Targets
-
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-