General

  • Target

    fcc84b2913606db9ed575affe65591ae_JaffaCakes118

  • Size

    322KB

  • Sample

    240420-pssxnshe5w

  • MD5

    fcc84b2913606db9ed575affe65591ae

  • SHA1

    a6b6c3e28d245df70c307c354eab877e5fb8efd2

  • SHA256

    34ee9da62967a53c3bf97f9301aa9353a3b42e5bd40c3122b929e50e08d146c5

  • SHA512

    5e6f9b0040acea1dce8463bd30eb7905de215fd378d112a4d50dd80303539c38e1f516b7512297c215ae77050445785f994a96b7c8ea94a075ea340229b7e0c7

  • SSDEEP

    6144:MtU6T/wE1MFGonDrJU2kY1b94hsmjVTPdgBGE7YpqTFIVo+AxU36WDbl3:aU+/wEKAonDrFyhtTR+YQTL+Axg

Malware Config

Targets

    • Target

      fcc84b2913606db9ed575affe65591ae_JaffaCakes118

    • Size

      322KB

    • MD5

      fcc84b2913606db9ed575affe65591ae

    • SHA1

      a6b6c3e28d245df70c307c354eab877e5fb8efd2

    • SHA256

      34ee9da62967a53c3bf97f9301aa9353a3b42e5bd40c3122b929e50e08d146c5

    • SHA512

      5e6f9b0040acea1dce8463bd30eb7905de215fd378d112a4d50dd80303539c38e1f516b7512297c215ae77050445785f994a96b7c8ea94a075ea340229b7e0c7

    • SSDEEP

      6144:MtU6T/wE1MFGonDrJU2kY1b94hsmjVTPdgBGE7YpqTFIVo+AxU36WDbl3:aU+/wEKAonDrFyhtTR+YQTL+Axg

    • Ammyy Admin

      Remote admin tool with various capabilities.

    • AmmyyAdmin payload

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
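To make the "Checks computer location settings" signature concrete, the following is an added Python example (not code from the sample, from Ammyy, or from the sandbox) of how a geofence reads the country configured in HKCU and decides whether to proceed. The two registry paths are the real Windows locations; the blocklist and the GeoID subset are assumptions made for the illustration, and the registry snapshots are constructed.

```python
"""Added illustration of a registry-based geofence check.  Example code,
not the sample's own logic: BLOCKED_GEOIDS is a hypothetical choice and
GEOID_NAMES is a small subset of Microsoft's GeoID table."""
import sys

# Real Windows locations of the user's configured country.
GEO_KEY = r"Control Panel\International\Geo"   # value "Nation": GeoID as a decimal REG_SZ
INTL_KEY = r"Control Panel\International"      # value "sCountry": country name, REG_SZ

# Subset of Microsoft's GeoID table (assumption: only the entries used here).
GEOID_NAMES = {244: "United States", 203: "Russia", 241: "Ukraine",
               29: "Belarus", 94: "Germany"}

# Hypothetical blocklist of the kind a CIS-avoiding sample might carry.
BLOCKED_GEOIDS = frozenset({203, 241, 29})


def parse_geoid(raw):
    """The registry stores the GeoID as a decimal string; an empty or
    malformed value is reported as None rather than raising."""
    try:
        return int(str(raw).strip())
    except (TypeError, ValueError):
        return None


def geofence_decision(snapshot, blocked=BLOCKED_GEOIDS):
    """Return (geoid, country, action) for a dict holding the two registry
    values.  Unknown GeoIDs fall back to sCountry; an unreadable GeoID is
    treated as 'run' here (samples differ, so exercise both outcomes)."""
    geoid = parse_geoid(snapshot.get("Nation"))
    country = GEOID_NAMES.get(geoid, snapshot.get("sCountry") or "unknown")
    action = "skip" if geoid in blocked else "run"
    return geoid, country, action


def read_live_snapshot():
    """Read the two values from HKCU on Windows; None elsewhere or on error."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, GEO_KEY) as key:
            nation, _ = winreg.QueryValueEx(key, "Nation")
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTL_KEY) as key:
            country, _ = winreg.QueryValueEx(key, "sCountry")
    except OSError:
        return None
    return {"Nation": nation, "sCountry": country}


# Constructed snapshots standing in for HKCU values on three analysis VMs.
SNAPSHOT_US = {"Nation": "244", "sCountry": "United States"}
SNAPSHOT_RU = {"Nation": "203", "sCountry": "Russia"}
SNAPSHOT_BROKEN = {"Nation": "", "sCountry": ""}

if __name__ == "__main__":
    for label, snap in [("US VM", SNAPSHOT_US), ("RU VM", SNAPSHOT_RU),
                        ("broken", SNAPSHOT_BROKEN)]:
        print(label, geofence_decision(snap))
    live = read_live_snapshot()
    if live:
        print("this host", geofence_decision(live))
```

The practical consequence for triage: a sample that gates on this value may exit before any network or persistence activity when the VM's locale is on its blocklist, so an apparently inert run should be repeated under a different configured country before concluding the file does nothing.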

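The "UPX packed file" signature is a static check on PE headers. The following added Python example (not the sandbox's detector and not the sample's code) shows the indicators such a rule typically combines and why a modified UPX build that renames its sections is still caught by section layout. The PE images it runs on are constructed inline with headers only; the section offsets are illustrative.

```python
"""Added example: static UPX indicators read from PE headers, run on PE
images constructed inline (headers only, no real code).  Not the sandbox's rule."""
import struct


def parse_pe(data):
    """Return (entry_rva, sections, headers_end) from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    table = opt + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\x00").decode("latin-1"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return entry_rva, sections, table + nsections * 40


def section_of(sections, rva):
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def upx_indicators(data):
    entry, sections, headers_end = parse_pe(data)
    first = sections[0] if sections else None
    ep = section_of(sections, entry)
    return {
        # Stock UPX names its sections UPX0/UPX1 (and keeps .rsrc).
        "upx_section_names": any(s["name"].upper().startswith("UPX") for s in sections),
        # Stock UPX leaves its "UPX!" magic in the header area after the section table.
        "upx_magic_in_header": b"UPX!" in data[:headers_end + 0x200],
        # Layout indicators survive renaming: the first section is the unpack
        # destination (no raw data, large virtual size) and the entry point
        # sits in a later section holding the stub plus compressed data.
        "empty_first_section": bool(first and first["rawsize"] == 0 and first["vsize"] > 0),
        "entry_outside_first_section": bool(ep is not None and ep is not first),
    }


def classify(data):
    ind = upx_indicators(data)
    if ind["upx_section_names"] or ind["upx_magic_in_header"]:
        return "upx"
    if ind["empty_first_section"] and ind["entry_outside_first_section"]:
        return "likely_modified_upx"
    return "no_upx_indicators"


def build_fake_pe(sections, entry_rva, trailer=b""):
    """Construct a minimal PE32 image for testing: DOS stub, COFF header,
    0xE0-byte optional header, section table, then 'trailer' bytes."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva, 0).ljust(0xE0, b"\x00")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0xE0000020)
                     for n, vs, va, rs, rp in sections)
    return dos + b"PE\x00\x00" + coff + opt + table + trailer + b"\x00" * 0x40


# Constructed images: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData).
UPX_LAYOUT = [(b"UPX0", 0x10000, 0x1000, 0, 0x400),
              (b"UPX1", 0x8000, 0x11000, 0x7E00, 0x400),
              (b".rsrc", 0x1000, 0x19000, 0x200, 0x8200)]
RENAMED_LAYOUT = [(b".text", 0x10000, 0x1000, 0, 0x400),
                  (b".data", 0x8000, 0x11000, 0x7E00, 0x400),
                  (b".rsrc", 0x1000, 0x19000, 0x200, 0x8200)]
CLEAN_LAYOUT = [(b".text", 0x1000, 0x1000, 0x1000, 0x400),
                (b".data", 0x800, 0x2000, 0x800, 0x1400)]
SAMPLE_STOCK_UPX = build_fake_pe(UPX_LAYOUT, 0x18A00, trailer=b"UPX!")
SAMPLE_RENAMED_UPX = build_fake_pe(RENAMED_LAYOUT, 0x18A00)
SAMPLE_CLEAN = build_fake_pe(CLEAN_LAYOUT, 0x1000)

if __name__ == "__main__":
    for label, img in [("stock UPX", SAMPLE_STOCK_UPX), ("renamed UPX", SAMPLE_RENAMED_UPX),
                       ("clean", SAMPLE_CLEAN)]:
        print(label, classify(img), upx_indicators(img))
```

The name and magic checks are cheap and exact for stock UPX; the layout checks are what keep the rule useful against a modified UPX that scrubs both. They are heuristics, so a production rule would normally pair them with section entropy and an unpack attempt rather than treat "likely_modified_upx" as proof.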
MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1 signature

  • System Information Discovery (T1082): 1 signature

Tasks