General
-
Target
JaffaCakes118_5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417
-
Size
72KB
-
Sample
241224-qq9yvaynaq
-
MD5
bbb8e40c8828fb4649ab6414cea472f8
-
SHA1
ee633e317ca9a66a97550aa6e5521803a27693e6
-
SHA256
5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417
-
SHA512
c9f9c41ba8c99cb3e913e6cffd63be0f5dfc81e08e056d0ce2083e16b344c0990b9455c21c07e7bf34ba46e9514d66d12966c02d2292b5e5e26aef90f2aed06c
-
SSDEEP
1536:QoD1Mth9k0XBq+adebTry5UNEN5rNKmVcl:QoD1Mthy0MXebTdk5JK8Y
Behavioral task
behavioral1
Sample
JaffaCakes118_5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417.exe
Resource
win7-20241023-en
Malware Config
Extracted
asyncrat
0.5.6D
Default
milla.publicvm.com:6606
milla.publicvm.com:7707
milla.publicvm.com:8808
bdeyjxzfhfrvuzdyrin
-
delay
3
-
install
true
-
install_file
firefoxa.exe
-
install_folder
%AppData%
Targets
-
Target
JaffaCakes118_5aaec1bda08134d46382d217dbeba5a93a5969cb6ad918c04476086a21e8d417
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-