General

  • Target

    JaffaCakes118_5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417

  • Size

    72KB

  • Sample

    241224-qq9yvaynaq

  • MD5

    bbb8e40c8828fb4649ab6414cea472f8

  • SHA1

    ee633e317ca9a66a97550aa6e5521803a27693e6

  • SHA256

    5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417

  • SHA512

    c9f9c41ba8c99cb3e913e6cffd63be0f5dfc81e08e056d0ce2083e16b344c0990b9455c21c07e7bf34ba46e9514d66d12966c02d2292b5e5e26aef90f2aed06c

  • SSDEEP

    1536:QoD1Mth9k0XBq+adebTry5UNEN5rNKmVcl:QoD1Mthy0MXebTdk5JK8Y

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Mutex

bdeyjxzfhfrvuzdyrin

Attributes
  • delay

    3

  • install

    true

  • install_file

    firefoxa.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      JaffaCakes118_5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417

    • Size

      72KB

    • MD5

      bbb8e40c8828fb4649ab6414cea472f8

    • SHA1

      ee633e317ca9a66a97550aa6e5521803a27693e6

    • SHA256

      5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417

    • SHA512

      c9f9c41ba8c99cb3e913e6cffd63be0f5dfc81e08e056d0ce2083e16b344c0990b9455c21c07e7bf34ba46e9514d66d12966c02d2292b5e5e26aef90f2aed06c

    • SSDEEP

      1536:QoD1Mth9k0XBq+adebTry5UNEN5rNKmVcl:QoD1Mthy0MXebTdk5JK8Y

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks