General
- Target: JaffaCakes118_19a77f722376ae5b3c3aa174d88b44f340842cb4e46ad7285016112834f78d98
- Size: 33KB
- Sample: 241224-qypb4sylhz
- MD5: 8e1bf53eb608838ac000c476402d5f40
- SHA1: a5267f22d6ab8779fca42c6cbf72136c478fdd8c
- SHA256: 19a77f722376ae5b3c3aa174d88b44f340842cb4e46ad7285016112834f78d98
- SHA512: ca54185b3aa245157ccc4c8875e5f447b44ac12746959cfa7b75727f04b0b7028760ccf987b95e4e4a00dc0418024bd6b25e57888a7b763e1c747568e3ac0cbc
- SSDEEP: 768:BjKOXD+oASKMNAFKXS9R3S1R4dYR7SeEur+pPAfQZiUTcMk:3+YKMbXS9RmRcsRrn4ZiUTcL
Static task: static1
Behavioral task: behavioral1
- Sample: fe3945266e7dfdc99e44bc02c024925710957c7123f71e8b81f97403849cc272.ps1
- Resource: win7-20240903-en
Malware Config
Extracted
- asyncrat
- 1.0.7
- Default
- crazydns.linkpc.net:5900
- DcRatMutex_qwqdanchun
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: fe3945266e7dfdc99e44bc02c024925710957c7123f71e8b81f97403849cc272
- Size: 121KB
- MD5: 1073f4f0b62cc79342a1eb72a4c4da50
- SHA1: 0ee22d55eafa3068b009253a35344fed4e0b9088
- SHA256: fe3945266e7dfdc99e44bc02c024925710957c7123f71e8b81f97403849cc272
- SHA512: c0280b4f08b8d878e4bb66427ed6985474fb5ed44eed6c87329c8f4a157515bc7b265275751a818da430d9203237c4dc4b1e2b58e7f78c23e79b578974ba9e72
- SSDEEP: 3072:1yZ/nst2lwqWa84XadqQ8we/+P3fkdYkBa:4Nxwe/+P3feYkBa
- Asyncrat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of SetThreadContext