General

  • Target

    0754d69f78cca7402bd5164adbdc6760_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240429-ldc15afb28

  • MD5

    0754d69f78cca7402bd5164adbdc6760

  • SHA1

    5a07e1480132ab37c04094dce11b282d3c5ff180

  • SHA256

    27e9254ee7fb8ad0a65e299e42b60d81166f3b956c817d0148b0b9ee2b2d3c89

  • SHA512

    889adbf806b5be0777c27cf018ac7b047f37d769d9ce79e8145a8235affe33608a53ce1304dfda3e11f8ed8b006c2f74ff9fb490a1814cd2aa1d94c582557f06

  • SSDEEP

    98304:0pre+d4Vn3S4J2W0Upe4QwkN0/Pe2PWJAMT:2e+d4tiE2WRpJNKoP9GAw

Targets

    • Target

      AA_v3.exe

    • Size

      762KB

    • MD5

      e9b569f7cbf23d91df065c18f4c43840

    • SHA1

      5d7cb1a2ca7db04edf23dd3ed41125c8c867b0ad

    • SHA256

      d67c7ef1c8e2cd56e266902bef814ac328d64bbe06086f4ee24fbadbebf39605

    • SHA512

      a9f01663b0c0ce9d30bd6760847bf3c18318801634145ec75e047019a8e8a9b13ea8122449b8f45ad40b63d4551cb85230df1b41a41ddc33a39cfcf2ec237ccb

    • SSDEEP

      12288:kX5PFc+E0SlpOvcC1KL/q/IZVURtCdshX5x8jR31QEY0VEoge:2P++ZSlpOUC1KT4+URtYshX5aRlQEYte

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to decide whether to run.

    • Drops file in System32 directory

    • Target

      AeroAdmin.exe

    • Size

      2.2MB

    • MD5

      c984faac414c41839adab61ec608a07e

    • SHA1

      2694da22f94b83f7d3c7696ef040f7f0d1122ce6

    • SHA256

      dddb977a26860390bd1dbeb4a00e5dab5eac9108190246ada8a76a8510c44dfe

    • SHA512

      85314c219a3ae25c3854f67ac95f7cc280b2d140350e79849e152ee59e3c72ab12216173d1dae90b46bba077d254a616af8f323fa8d190661cd70109fe1711e4

    • SSDEEP

      49152:D6Q2Kqr1aNUs1T8+IsWTdLraplDXVypwZpT8RlD2JEHQri/r4Ha1LgOoW9YjG2S4:2rQT8jg1lqlD2Jni/r461L1oDjD

    Score
    3/10
    • Target

      AnyDesk.exe

    • Size

      2.0MB

    • MD5

      bec8a2806dc3260c1d5f1f3d5a0c4417

    • SHA1

      36a061d79f4e3ad833ef8c5989b01c7b00eed06c

    • SHA256

      6de889f1309e30e024bd5dfcd4cde7a97c4c3d61e5324a09f356811d9db998eb

    • SHA512

      087f98334fc2ac7235f7978cd874c09fe3660a041c28a73d65529d365feacf932979e0f6b56ea33e22113ac11148982b8fc55eb713cebad90b74271c2f78b212

    • SSDEEP

      49152:H8NCer0ajCVzFuGuPgobZO2qwa5r1LLX38Iug:ipr0ajCVzFG4B2qw0XsIh

    Score
    3/10
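The three hash sets above are what lets an analyst confirm which extracted file is which after unpacking the 3.3MB bundle. The Python below is an added example and not part of the sandbox report: it streams a file through MD5, SHA-1 and SHA-256 in one pass and compares the digests against a manifest copied from the report, treating a hit on only some algorithms as "partial" rather than an identification, since MD5 and SHA-1 collisions are practical and a mis-transcribed hash lands in the same bucket. The placeholder bytes in the usage and the `extracted/` directory name are constructed assumptions, not the real executables.

```python
"""Verify extracted files against the hashes listed in the sandbox report."""
import hashlib
from pathlib import Path

# MD5 / SHA-1 / SHA-256 for the three embedded targets, copied from the report.
REPORT_MANIFEST = {
    "AA_v3.exe": {
        "md5": "e9b569f7cbf23d91df065c18f4c43840",
        "sha1": "5d7cb1a2ca7db04edf23dd3ed41125c8c867b0ad",
        "sha256": "d67c7ef1c8e2cd56e266902bef814ac328d64bbe06086f4ee24fbadbebf39605",
    },
    "AeroAdmin.exe": {
        "md5": "c984faac414c41839adab61ec608a07e",
        "sha1": "2694da22f94b83f7d3c7696ef040f7f0d1122ce6",
        "sha256": "dddb977a26860390bd1dbeb4a00e5dab5eac9108190246ada8a76a8510c44dfe",
    },
    "AnyDesk.exe": {
        "md5": "bec8a2806dc3260c1d5f1f3d5a0c4417",
        "sha1": "36a061d79f4e3ad833ef8c5989b01c7b00eed06c",
        "sha256": "6de889f1309e30e024bd5dfcd4cde7a97c4c3d61e5324a09f356811d9db998eb",
    },
}

ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes, algos=ALGOS) -> dict:
    """Digest an in-memory blob with each algorithm; hex strings keyed by name."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def hash_file(path, algos=ALGOS, chunk_size=1 << 20) -> dict:
    """Stream a file through all hashers in a single pass (one read per PE)."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def identify(digests: dict, manifest=REPORT_MANIFEST):
    """Map a file's digests to a report target.

    Returns (name, "match") when every algorithm in the manifest entry agrees,
    (name, "partial") when only some agree (a lone MD5 or SHA-1 hit is not an
    identification; a mis-typed hash also ends up here), and (None, "unknown")
    when nothing lines up.
    """
    for name, expected in manifest.items():
        hits = [a for a, d in expected.items() if digests.get(a) == d]
        if len(hits) == len(expected):
            return name, "match"
        if hits:
            return name, "partial"
    return None, "unknown"


def check_directory(directory, manifest=REPORT_MANIFEST):
    """Hash every regular file directly under `directory` and classify each."""
    results = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file():
            results[p.name] = identify(hash_file(p), manifest)
    return results


if __name__ == "__main__":
    # Constructed placeholder bytes, not the real sample: their digests match
    # nothing in the manifest, so this prints (None, 'unknown').
    fake_pe = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode"
    print(identify(hash_bytes(fake_pe)))
    # After unpacking the bundle into a hypothetical extracted/ directory:
    # print(check_directory("extracted/"))
```

Run it against the unpacked bundle; anything that comes back "partial" deserves a second look before it is labelled with the report's name, and anything "unknown" is either a dropped file not covered by the report or a different build.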
