General

  • Target

    JaffaCakes118_48cf671b76382e269d5df9a54d13eef6

  • Size

    84KB

  • Sample

    250101-f46s8swlgw

  • MD5

    48cf671b76382e269d5df9a54d13eef6

  • SHA1

    9ae3c7c3777081954e0e2dcc2cad7572be563c3a

  • SHA256

    e73cf088fe7f739370ea226f1afbf172608d9a14af240fd58411ccbf21c7d27b

  • SHA512

    109e101c75440d536d0cd629b31e27ed0d7f29c9742d532e505390225f585ba0e33bfa9066055a62f73023380f371bc0a0b49474e2482d639fc149302ba79668

  • SSDEEP

    1536:TcSoPFh67RiCEvzo/rJV4Jx59PwpMvj7QInrLdJg9mRY1tW:kvE9WJ1PRnrJJgUGW

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

rick63.publicvm.com:5900

Mutex

DcRatMutex_qwqdanchun

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Drops startup file

    • Suspicious use of SetThreadContext
