General

  • Target

    JaffaCakes118_bd699ddc84aab6948f952d2f08dbad12

  • Size

    3.0MB

  • Sample

    250109-e3xy9s1kgr

  • MD5

    bd699ddc84aab6948f952d2f08dbad12

  • SHA1

    b983ff066083f62d4b8ee8832256c1e745eca1ff

  • SHA256

    95b609ceb06e3e98fa3f2d380bb9cfff4816610f416523aa684b68743a8c5f79

  • SHA512

    aed7e1966fc9e61bbf56e90a78ea31e23500e33317e5b7d8bd8c7fe66473f5084ab70976947e879e76da4560535290007c27dd74813dd92f84befe45b6223e93

  • SSDEEP

    98304:LGrj7Ltr7xuKP4Fi3xQNCrZdOpPuTPWncwlQ4:YvJV74EWNCrZd4mrWncW

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    asd

  • C2

    127.0.0.1:6606
    127.0.0.1:7707
    127.0.0.1:8808

  • Mutex

    asd

  • Attributes

    • delay

      3

    • install

      true

    • install_file

      virus.exe

    • install_folder

      %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
