General

  • Target

    JaffaCakes118_b34617687a2b3b28e571390e329c77fc0d31957e4d85866b518f7881436d7fa3

  • Size

    99KB

  • Sample

    241224-njh6fawmby

  • MD5

    41000a58d7dc98548645131cb16db34e

  • SHA1

    9e9d1b26b192e8c1d783f4c190dd52dccff91ba6

  • SHA256

    b34617687a2b3b28e571390e329c77fc0d31957e4d85866b518f7881436d7fa3

  • SHA512

    df9e4bdc850e438242a8ca76b8e79ef971fc8fc959dad1c9ccbcaca878f072b44d4351f65cc04c202575cd76127af5b5ea375f0b7dd82ba9f6fdbab7e008590a

  • SSDEEP

    1536:XhjBsioyjkiQzkrhxwWtnZ+li9lMNJ7XFoh0g9l/2zpbgTvaCXbOSIutLq:d1lwiyenZH9mNkh04iCXba

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Oct 11

C2

donzola.duckdns.org:2000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      DOC_20221012_094045716/DOC_20221012_094045716.scr

    • Size

      406.0MB

    • MD5

      e95cc5f4f2be88cdd778ddb951e287e4

    • SHA1

      478fca06aeb68ab97d2e99c1436b4cc3370ec6d9

    • SHA256

      e5b25e4f90530ff9fad1f617d8347f497a8bdba07e707f522564132a5bfab0b5

    • SHA512

      23f420f9e904ab6b2d8954ef2232cd8b84560c8f856bc83e74d8eb17228def2dc6be09db8aa7f8a67d5914be2e2e228cd483d818602a79397f96c709c5e5c49a

    • SSDEEP

      3072:M+rR+Y6VgvQdJK0vtNZg/V7S+O+dvvAun:M+BFI3vtNZNH+dv

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks