General
-
Target
0754d69f78cca7402bd5164adbdc6760_JaffaCakes118
-
Size
3.3MB
-
Sample
240429-ldc15afb28
-
MD5
0754d69f78cca7402bd5164adbdc6760
-
SHA1
5a07e1480132ab37c04094dce11b282d3c5ff180
-
SHA256
27e9254ee7fb8ad0a65e299e42b60d81166f3b956c817d0148b0b9ee2b2d3c89
-
SHA512
889adbf806b5be0777c27cf018ac7b047f37d769d9ce79e8145a8235affe33608a53ce1304dfda3e11f8ed8b006c2f74ff9fb490a1814cd2aa1d94c582557f06
-
SSDEEP
98304:0pre+d4Vn3S4J2W0Upe4QwkN0/Pe2PWJAMT:2e+d4tiE2WRpJNKoP9GAw
Behavioral task
behavioral1
Sample
AA_v3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
AA_v3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
AeroAdmin.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
AeroAdmin.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
AnyDesk.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
AnyDesk.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
AA_v3.exe
-
Size
762KB
-
MD5
e9b569f7cbf23d91df065c18f4c43840
-
SHA1
5d7cb1a2ca7db04edf23dd3ed41125c8c867b0ad
-
SHA256
d67c7ef1c8e2cd56e266902bef814ac328d64bbe06086f4ee24fbadbebf39605
-
SHA512
a9f01663b0c0ce9d30bd6760847bf3c18318801634145ec75e047019a8e8a9b13ea8122449b8f45ad40b63d4551cb85230df1b41a41ddc33a39cfcf2ec237ccb
-
SSDEEP
12288:kX5PFc+E0SlpOvcC1KL/q/IZVURtCdshX5x8jR31QEY0VEoge:2P++ZSlpOUC1KT4+URtYshX5aRlQEYte
Score
10/10
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
AeroAdmin.exe
-
Size
2.2MB
-
MD5
c984faac414c41839adab61ec608a07e
-
SHA1
2694da22f94b83f7d3c7696ef040f7f0d1122ce6
-
SHA256
dddb977a26860390bd1dbeb4a00e5dab5eac9108190246ada8a76a8510c44dfe
-
SHA512
85314c219a3ae25c3854f67ac95f7cc280b2d140350e79849e152ee59e3c72ab12216173d1dae90b46bba077d254a616af8f323fa8d190661cd70109fe1711e4
-
SSDEEP
49152:D6Q2Kqr1aNUs1T8+IsWTdLraplDXVypwZpT8RlD2JEHQri/r4Ha1LgOoW9YjG2S4:2rQT8jg1lqlD2Jni/r461L1oDjD
Score
3/10
-
-
Target
AnyDesk.exe
-
Size
2.0MB
-
MD5
bec8a2806dc3260c1d5f1f3d5a0c4417
-
SHA1
36a061d79f4e3ad833ef8c5989b01c7b00eed06c
-
SHA256
6de889f1309e30e024bd5dfcd4cde7a97c4c3d61e5324a09f356811d9db998eb
-
SHA512
087f98334fc2ac7235f7978cd874c09fe3660a041c28a73d65529d365feacf932979e0f6b56ea33e22113ac11148982b8fc55eb713cebad90b74271c2f78b212
-
SSDEEP
49152:H8NCer0ajCVzFuGuPgobZO2qwa5r1LLX38Iug:ipr0ajCVzFG4B2qw0XsIh
Score
3/10