General

  • Target

    JaffaCakes118_61ffd11a88da5f4046f4586b08ae56c3292ca6a5b5e7e9d8eee53939c402162e

  • Size

    396KB

  • Sample

    241224-tsxyvasjbj

  • MD5

    44b6f28a25fd6efcd3e2621278df55b2

  • SHA1

    907201facf9b1f3a716217d992876faa9b18047b

  • SHA256

    61ffd11a88da5f4046f4586b08ae56c3292ca6a5b5e7e9d8eee53939c402162e

  • SHA512

    07207c78b6031fd87a6732fb9e5c8d76c1f4b4e5ec3613ed9320b45498d8c47e9c826d0c3d21a6d039abab13c27719f0bdccf500eb9cdddebc6c3c092866b8e9

  • SSDEEP

    12288:8KJuxIbg4qAPuILdyiqo4kKTL2uPZkbzN:7ar1APuIOo+L0zN

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

23.92.209.138:6606

23.92.209.138:7707

23.92.209.138:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Payment Invoice Copy.exe

    • Size

      578KB

    • MD5

      e3bbcd9ecd0c7a43d84c42f47877d766

    • SHA1

      d2fea2b4fa4ded44078f641932d8399af76a9370

    • SHA256

      142615d8e77bb22a168f6f26f374b99b06fa2bc6942627c4170e0983ebdc60ed

    • SHA512

      e3bf21da59e7446c28e28777c4629d9003615e5b5e31b80635b47b6f34220f240875de0340f08dabbefaedccbaf1e792d5ce0e5d51131074cfdf849a38db4e66

    • SSDEEP

      12288:yk/2L2IW2iN/2iNL3uMLdsiqoGksTLCu5ZkbzUH:yQ2Y1J153uM4oaLGzc

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks