General

  • Target

    cee61f99f9b0b9e118ff49d8405ece85_JaffaCakes118

  • Size

    643KB

  • Sample

    240906-hc784a1hma

  • MD5

    cee61f99f9b0b9e118ff49d8405ece85

  • SHA1

    2eeaa9117704d6103374db01a2117c3c3a42df30

  • SHA256

    9ad323b95112e72c7a8eacb9cad47257bf27da4d92e61f9747171d10c276e8d0

  • SHA512

    7db52166318d13c7ba4a4df551bcc1e0c034273b3a4e87837fc227c02f76fb448865ca7330e98e7005dba013d999949bf30869d2c47c9c0cf00c9ec8fe1b6519

  • SSDEEP

    12288:4TW0zR/9lThgzEkrJlNJy2GlcC2g2vRtdDxOtNbsJ06WiIg9:olT2ZJlNg2nvvRtpxOzbI0NiN9

Malware Config

Targets

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks