General
-
Target
JaffaCakes118_e6e1a08dd16e11fc0a57a63d0abb78afc9b131f8300f648fc9461fae383b0874
-
Size
54KB
-
Sample
241229-f6743stpay
-
MD5
53a4e471a6c3f304d8952e8511839596
-
SHA1
49183c9754dd0c90f184533a667b34eaf6ed32aa
-
SHA256
e6e1a08dd16e11fc0a57a63d0abb78afc9b131f8300f648fc9461fae383b0874
-
SHA512
59cb40ce34aed07ddbb3ffd83afc79c915190e542c0239be17c0344163885c24f9d325a54b2de3c0a497ca4dece0c286899c1001e3586e0f5086338125768a42
-
SSDEEP
1536:mYDyqKzxDa+tcETTdKTg+SlaIvBxGh4kE6wt3sLN0mL:mYDcxDZtfdj+DIvB5j6wdsLN0+
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
chromedata.accesscam.org:7707
chromedata.accesscam.org:4404
chromedata.accesscam.org:5505
chromedata.accesscam.org:3303
chromedata.accesscam.org:2222
chromedata.accesscam.org:6606
chromedata.accesscam.org:8808
chromedata.accesscam.org:5155
chromedata.accesscam.org:5122
chromedata.accesscam.org:8001
chromedata.accesscam.org:9000
chromedata.accesscam.org:9999
chromedata.accesscam.org:8888
cdt.3utilities.com:7707
cdt.3utilities.com:4404
cdt.3utilities.com:5505
cdt.3utilities.com:3303
cdt.3utilities.com:2222
cdt.3utilities.com:6606
cdt.3utilities.com:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_file
DesbravadorUpdata.exe
-
install_folder
%AppData%
Targets
-
-
Target
aaf4a4acaa8e45b1cbd8a3da7c988ba6465a3a2a714abaacb632230e91556d28.ps1
-
Size
187KB
-
MD5
a345138c96b8d5b50e401192b819d49d
-
SHA1
bdcc4ef88b1d5377409ad2f45fcb4e04d8fba5c3
-
SHA256
aaf4a4acaa8e45b1cbd8a3da7c988ba6465a3a2a714abaacb632230e91556d28
-
SHA512
942d48b221dbe2a67b9edc5992aef3a54438befe715ded5996437b17ed2ccad1c647b74273792567819c3cca8f95940595cbd8e25d9c6a43c391452770c77bed
-
SSDEEP
3072:ngijttzaOYYzmqIzDNSuoT3ApmNwLqU/QIU:nT/zaOYYz4zDNo3Apm6qU/QIU
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Suspicious use of SetThreadContext
-