General

  • Target

    JaffaCakes118_19a77f722376ae5b3c3aa174d88b44f340842cb4e46ad7285016112834f78d98

  • Size

    33KB

  • Sample

    241224-qypb4sylhz

  • MD5

    8e1bf53eb608838ac000c476402d5f40

  • SHA1

    a5267f22d6ab8779fca42c6cbf72136c478fdd8c

  • SHA256

    19a77f722376ae5b3c3aa174d88b44f340842cb4e46ad7285016112834f78d98

  • SHA512

    ca54185b3aa245157ccc4c8875e5f447b44ac12746959cfa7b75727f04b0b7028760ccf987b95e4e4a00dc0418024bd6b25e57888a7b763e1c747568e3ac0cbc

  • SSDEEP

    768:BjKOXD+oASKMNAFKXS9R3S1R4dYR7SeEur+pPAfQZiUTcMk:3+YKMbXS9RmRcsRrn4ZiUTcL

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

crazydns.linkpc.net:5900

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      fe3945266e7dfdc99e44bc02c024925710957c7123f71e8b81f97403849cc272

    • Size

      121KB

    • MD5

      1073f4f0b62cc79342a1eb72a4c4da50

    • SHA1

      0ee22d55eafa3068b009253a35344fed4e0b9088

    • SHA256

      fe3945266e7dfdc99e44bc02c024925710957c7123f71e8b81f97403849cc272

    • SHA512

      c0280b4f08b8d878e4bb66427ed6985474fb5ed44eed6c87329c8f4a157515bc7b265275751a818da430d9203237c4dc4b1e2b58e7f78c23e79b578974ba9e72

    • SSDEEP

      3072:1yZ/nst2lwqWa84XadqQ8we/+P3fkdYkBa:4Nxwe/+P3feYkBa

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks