General

  • Target

    2e640bb223b75771ef70da6caec1a310_JaffaCakes118

  • Size

    866KB

  • Sample

    240510-k5999sed3w

  • MD5

    2e640bb223b75771ef70da6caec1a310

  • SHA1

    c54cfee060b84c4dd45a34aea1107eb8dc2f9a0e

  • SHA256

    adf27e3889392a97a96e7e7d1fc411d9a3e47f4ce2aa769a6f756ed439532b0b

  • SHA512

    12ab7c909f8f41c087d6a75d5b9aff9abc1adcc5a981d2d5d75ef757a6bf362ce9c9f9cb921ef843f959aa2453adde1997488516e670594259bc0355f982b7b6

  • SSDEEP

    12288:g0nyfXuIBDtfu7HbKa/x1MMmWvbi//4aOHdWO6miOEhSqvxzx/0JFlsPY1lvbHYK:dny/f9upl6NObKzPp0JX6CkK

Malware Config

Targets

    • Target

      2e640bb223b75771ef70da6caec1a310_JaffaCakes118

    • Ammyy Admin

      Remote admin tool with various capabilities.

    • AmmyyAdmin payload

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Creates new service(s)

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks