asyncrat | JaffaCakes118_af6759181ddc129787783cbabdbc102dde964ec38de511442129c4b16c07b1d6

General

Target

JaffaCakes118_af6759181ddc129787783cbabdbc102dde964ec38de511442129c4b16c07b1d6
Size

70KB
MD5

3bb402f6808d49a02b3b7cf27eafa468
SHA1

05cdca3a0481682c90e474a4c43b85cf6eb47857
SHA256

af6759181ddc129787783cbabdbc102dde964ec38de511442129c4b16c07b1d6
SHA512

b7b972419d895b4f44cd87419bb5540f37ffb60c5281586081506794b165946ae42a416d3d3536686848c06f89996f9d56e6c9a7fa8cb2870d6e12dba4d81f65
SSDEEP

1536:6X3SNEI9edNG+UY6BBXTxa0a47KYuKT6o5AodxaGgUnyst:VNEI9edNG467jx4wuWH5/dxxgUd

Score

10^/10

rat spread asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Spread

C2

5.tcp.eu.ngrok.io:14113

Mutex

jrnwjkrntpiufsejnt

Attributes

delay
1
install
true
install_file
MsEdge.exe
install_folder
%Temp%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/3369432d1d4735175c7c25029ab3bd1d9cf3293f0bb48790d77a10cc751af744	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3369432d1d4735175c7c25029ab3bd1d9cf3293f0bb48790d77a10cc751af744

Files

JaffaCakes118_af6759181ddc129787783cbabdbc102dde964ec38de511442129c4b16c07b1d6
.zip

Password: infected
3369432d1d4735175c7c25029ab3bd1d9cf3293f0bb48790d77a10cc751af744
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 512B - Virtual size: 12B