General
-
Target
cee61f99f9b0b9e118ff49d8405ece85_JaffaCakes118
-
Size
643KB
-
Sample
240906-hc784a1hma
-
MD5
cee61f99f9b0b9e118ff49d8405ece85
-
SHA1
2eeaa9117704d6103374db01a2117c3c3a42df30
-
SHA256
9ad323b95112e72c7a8eacb9cad47257bf27da4d92e61f9747171d10c276e8d0
-
SHA512
7db52166318d13c7ba4a4df551bcc1e0c034273b3a4e87837fc227c02f76fb448865ca7330e98e7005dba013d999949bf30869d2c47c9c0cf00c9ec8fe1b6519
-
SSDEEP
12288:4TW0zR/9lThgzEkrJlNJy2GlcC2g2vRtdDxOtNbsJ06WiIg9:olT2ZJlNg2nvvRtpxOzbI0NiN9
Behavioral task
behavioral1
Sample
cee61f99f9b0b9e118ff49d8405ece85_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cee61f99f9b0b9e118ff49d8405ece85_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
cee61f99f9b0b9e118ff49d8405ece85_JaffaCakes118
-
Score
10/10
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-