General

  • Target

    JaffaCakes118_82dbd2c8c85902531ba683ae097c42a567a503054bbea2292e4741935018d7d4

  • Size

    174KB

  • Sample

    241224-np33sswqhl

  • MD5

    3fe238127cb8342c39e456c6d3d9326c

  • SHA1

    3cb30efce98cd8e08e1fec064d7bd010376bc61a

  • SHA256

    82dbd2c8c85902531ba683ae097c42a567a503054bbea2292e4741935018d7d4

  • SHA512

    23d0ee60cebacf6b64f73659c58fee78f90e5c7cff2a682e67114c75ee074106bfbc6e09c903206ae9b82923b957e8ef72260e9fa2446b655fa60f7d5ae52093

  • SSDEEP

    3072:KvFB3pm2NTQalRz3s0bRhQevjHAdcGX6OqVy2cSdL0uLvSfaMa7vMPlalVQ+:6kBk3s0z5c6Oky2cSd0uzSfaMa7v6al5

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

29/7

C2

vvat22.con-ip.com:7707

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      1.ps1

    • Size

      257KB

    • MD5

      fa9de551f6fd38a4b04e3207e08e846c

    • SHA1

      2ef8eb4e82ce9f52e5fa61e04fec1f9b92230903

    • SHA256

      f8dae9c1f9c629a6811c6b2fc648b8f952a0331a1d5c04005808b4daeeae93fb

    • SHA512

      ed8024a8279f3ac1a4d4b3be7214b9ec0d429a7228ea126e298034c4952e0ce048f7c83d4e0aab0760701653a0a77aea82cd94ae5b59161cae811a93c212c3ce

    • SSDEEP

      6144:JRQRmeIR/ENCsOFAjL3vTV8MG0NsPSSzQw6ACnfRFG5jS:zXiL7XvLw6Ak6W

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • Target

      2.ps1

    • Size

      257KB

    • MD5

      1782325a32c0d152d2fc5f936764096b

    • SHA1

      32708733721654fd7ce18a2cc5859404dd365b48

    • SHA256

      e1dd619f137db33a6223900a330af2c9bb58b55b01504f142a27a4f44880a3ca

    • SHA512

      592aa5ef0a6b9f746538e503d40c250122a166db9fbd37ce08607b210ecdb09d7b42c5ca898d4b7ff0b3544f202aa7a52b7704f148f66df38ae9c836468b56a4

    • SSDEEP

      6144:aRQRmeIR/ENCsOFAjL3vTV8MG0NsPSSzQw6ACnfRFG5jc:wXiL7XvLw6Ak6o

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks