General

  • Target

    b2d7dd7195b34c26e5faf1fcf10b653e_JaffaCakes118

  • Size

    748KB

  • Sample

    240616-lp4m8asdnk

  • MD5

    b2d7dd7195b34c26e5faf1fcf10b653e

  • SHA1

    c17ad78a2ae96ad1c04d4d853f2614ecb9966729

  • SHA256

    ce53586b70d395f8b3a56a6afc23bed0296e2aa53914fd2e4f229c4dac9ac9c9

  • SHA512

    f55f9bad73f919d55562037004bdad9b550fe90fcafb71faffd65a1dc58ab49116801b4fe1f5e648e8ea9a983cfde1ffe31ee46258460cbeb46ed9b9a1ef7ad9

  • SSDEEP

    12288:/VFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVVigG:PUEUUw9RaTNicBrPFRtJ1iVTsCfG

Malware Config

Targets

    • Target

      b2d7dd7195b34c26e5faf1fcf10b653e_JaffaCakes118

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks