General

  • Target

    8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118

  • Size

    651KB

  • Sample

    240801-2rrdns1ajj

  • MD5

    8209e8a107f543d85a5121c2d6a275d5

  • SHA1

    c317c6da070436bf5b34f953f0ba89a3c447be81

  • SHA256

    83cff801ac8079dac80397faa70de6945d45f233296af3fc920cad7786248eaa

  • SHA512

    c043e692be3a9533b98335c08eb3701ddbb74022569c91213792ac6592fe6ca0fcaebf1138299bb16f9d1636329e9f5d0c85b069cd8b925d7f440d4249bcfc82

  • SSDEEP

    12288:FaAXOKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6wiegC:reK+waI8JRQMEJ2rufRtse9rtv8zlri2

Malware Config

Targets

    • Target

      8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118

    • Size

      651KB

    • MD5

      8209e8a107f543d85a5121c2d6a275d5

    • SHA1

      c317c6da070436bf5b34f953f0ba89a3c447be81

    • SHA256

      83cff801ac8079dac80397faa70de6945d45f233296af3fc920cad7786248eaa

    • SHA512

      c043e692be3a9533b98335c08eb3701ddbb74022569c91213792ac6592fe6ca0fcaebf1138299bb16f9d1636329e9f5d0c85b069cd8b925d7f440d4249bcfc82

    • SSDEEP

      12288:FaAXOKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6wiegC:reK+waI8JRQMEJ2rufRtse9rtv8zlri2

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks