General

  • Target

    70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118

  • Size

    726KB

  • Sample

    240525-cc7pnsaf3w

  • MD5

    70814c3d05ff00b7cce5328c19b8c1d6

  • SHA1

    13b503ee98876554f191a710ccf6c0d37d75daca

  • SHA256

    6dc66741b8e6b8e338c1abd40209191805b169a808df5ee565623ae926b38521

  • SHA512

    7ce5250a46b882d78fba0218d46c794e64dc3673520a54858d244537a116128be7146b3db4bf749c13c2664fc8e2edf8c600faa127e01582c3a52c1045f9a8ab

  • SSDEEP

    12288:3YdNctvsfu2LVBfKf057C9lRt3i5olGJssozsghz:odNikfu2hBfK8ilRty5olGJsseN
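To confirm that a copy of the sample pulled from another source is the file this report describes, recompute the digests and compare them with the values above. This is an added example, not part of the sandbox report: the expected values are the report's own, the file path is an assumption, and SSDEEP is left out because it is a fuzzy hash that needs a third-party module. Treat SHA-256 (or SHA-512) as the identity anchor; MD5 and SHA-1 are collision-prone and only useful for cross-referencing older reports.

```python
"""Verify a downloaded sample against the digests in the report (added example)."""
import hashlib
import sys

# Digests listed in the report's General section.
EXPECTED = {
    "md5": "70814c3d05ff00b7cce5328c19b8c1d6",
    "sha1": "13b503ee98876554f191a710ccf6c0d37d75daca",
    "sha256": "6dc66741b8e6b8e338c1abd40209191805b169a808df5ee565623ae926b38521",
    "sha512": "7ce5250a46b882d78fba0218d46c794e64dc3673520a54858d244537a116128b"
              "e7146b3db4bf749c13c2664fc8e2edf8c600faa127e01582c3a52c1045f9a8ab",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests_of_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob, one per algorithm in ALGOS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hex digests of a file, streamed so large samples are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict = EXPECTED) -> dict:
    """Return {algo: (expected, actual)} for every digest that disagrees.

    Comparison is case-insensitive because reports and tools differ in hex case.
    An empty result means every expected digest matched.
    """
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name, "")
        if got.lower() != want.lower():
            mismatches[name] = (want, got or None)
    return mismatches


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <sample-path>", file=sys.stderr)
        return 2
    mismatches = compare(digests_of_file(argv[1]))  # path is an assumption
    if not mismatches:
        print("OK: all digests match the report")
        return 0
    for name, (want, got) in mismatches.items():
        print(f"MISMATCH {name}: report={want} file={got}")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_sample.py <path-to-sample>`; a non-zero exit means at least one digest differs, which usually indicates a different build of the same family rather than a download error, so keep the mismatching file separately instead of discarding it.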

Targets

    • Target

      70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan built from the leaked source code of the Ammyy Admin remote administration software.

    • Checks computer location settings

      Reads the country/region code stored in the registry (the configured Windows location settings). Malware commonly does this as a geofence, refusing to run or changing behaviour in particular countries.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, which normally requires administrative privileges; the dropped path and whether the process ran elevated are worth checking in the task details.
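The two behavioural signatures above are the kind of rule a triage pipeline can re-derive from a raw API trace. The following is an added example, not the sandbox's own signature code: it maps constructed registry and file events onto "Checks computer location settings" and "Drops file in System32 directory". The registry paths are the standard Windows location keys (`Control Panel\International\Geo\Nation`, `Geo\Name`, `LocaleName`); which of them the sandbox's signature actually inspects is an assumption, as is the event format.

```python
"""Re-derive the report's two behavioural signatures from a trace (added example)."""
import re
from typing import Callable, Dict, Iterable, List

# Standard Windows registry values holding the configured country/region.
# Which of these the sandbox signature checks is an assumption.
LOCATION_KEY_PATTERNS = [
    re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I),
    re.compile(r"\\Control Panel\\International\\LocaleName$", re.I),
]

# Anything written directly under <drive>:\Windows\System32\ counts as a drop.
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def matches_location_check(event: dict) -> bool:
    """Registry read of a location/region value -> geofence-style check."""
    if event.get("op") not in ("RegQueryValue", "RegOpenKey"):
        return False
    path = event.get("path", "")
    return any(p.search(path) for p in LOCATION_KEY_PATTERNS)


def matches_system32_drop(event: dict) -> bool:
    """File opened for writing under System32; read-only opens of DLLs do not count."""
    return (
        event.get("op") in ("CreateFile", "WriteFile")
        and event.get("access") == "write"
        and bool(SYSTEM32.match(event.get("path", "")))
    )


RULES: Dict[str, Callable[[dict], bool]] = {
    "Checks computer location settings": matches_location_check,
    "Drops file in System32 directory": matches_system32_drop,
}


def signatures(events: Iterable[dict]) -> Dict[str, List[dict]]:
    """Return {signature_name: [matching events]} for every signature that fired."""
    hits: Dict[str, List[dict]] = {name: [] for name in RULES}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(ev)
    return {name: evs for name, evs in hits.items() if evs}


# Constructed sample trace for illustration; not events from the report.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation", "pid": 1234},
    {"op": "RegQueryValue", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName", "pid": 1234},
    {"op": "CreateFile", "path": r"C:\Windows\System32\dropped.exe", "access": "write", "pid": 1234},
    {"op": "CreateFile", "path": r"C:\Users\user\AppData\Local\Temp\stage.tmp", "access": "write", "pid": 1234},
    {"op": "CreateFile", "path": r"C:\Windows\System32\kernel32.dll", "access": "read", "pid": 1234},
]

if __name__ == "__main__":
    for name, evs in signatures(SAMPLE_EVENTS).items():
        print(name)
        for ev in evs:
            print("   ", ev["op"], ev["path"])
```

The System32 rule deliberately requires write access: every process opens System32 DLLs for reading, so matching on path alone would fire on benign activity. For the location check, the `Geo\Nation` value is a decimal GeoID rather than an ISO code, so a sample that compares it against a hard-coded list is worth inspecting for the countries it excludes.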

MITRE ATT&CK Enterprise v15
