General
-
Target
70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118
-
Size
726KB
-
Sample
240525-cc7pnsaf3w
-
MD5
70814c3d05ff00b7cce5328c19b8c1d6
-
SHA1
13b503ee98876554f191a710ccf6c0d37d75daca
-
SHA256
6dc66741b8e6b8e338c1abd40209191805b169a808df5ee565623ae926b38521
-
SHA512
7ce5250a46b882d78fba0218d46c794e64dc3673520a54858d244537a116128be7146b3db4bf749c13c2664fc8e2edf8c600faa127e01582c3a52c1045f9a8ab
-
SSDEEP
12288:3YdNctvsfu2LVBfKf057C9lRt3i5olGJssozsghz:odNikfu2hBfK8ilRty5olGJsseN
Behavioral task
behavioral1
Sample
70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118
-
Size
726KB
-
MD5
70814c3d05ff00b7cce5328c19b8c1d6
-
SHA1
13b503ee98876554f191a710ccf6c0d37d75daca
-
SHA256
6dc66741b8e6b8e338c1abd40209191805b169a808df5ee565623ae926b38521
-
SHA512
7ce5250a46b882d78fba0218d46c794e64dc3673520a54858d244537a116128be7146b3db4bf749c13c2664fc8e2edf8c600faa127e01582c3a52c1045f9a8ab
-
SSDEEP
12288:3YdNctvsfu2LVBfKf057C9lRt3i5olGJssozsghz:odNikfu2hBfK8ilRty5olGJsseN
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-