General
-
Target
8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118
-
Size
651KB
-
Sample
240801-2rrdns1ajj
-
MD5
8209e8a107f543d85a5121c2d6a275d5
-
SHA1
c317c6da070436bf5b34f953f0ba89a3c447be81
-
SHA256
83cff801ac8079dac80397faa70de6945d45f233296af3fc920cad7786248eaa
-
SHA512
c043e692be3a9533b98335c08eb3701ddbb74022569c91213792ac6592fe6ca0fcaebf1138299bb16f9d1636329e9f5d0c85b069cd8b925d7f440d4249bcfc82
-
SSDEEP
12288:FaAXOKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6wiegC:reK+waI8JRQMEJ2rufRtse9rtv8zlri2
Behavioral task
behavioral1
Sample
8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
-
Target
8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118
Score
10/10
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-