General

  • Target

    fd99965cd59febc027fce1ab22f3ae0f_JaffaCakes118

  • Size

    393KB

  • Sample

    240929-cnw3bayeqe

  • MD5

    fd99965cd59febc027fce1ab22f3ae0f

  • SHA1

    b4f2d950423da854348c8dfa28cc68b90c674be2

  • SHA256

    9eb5ff781349981303805f00b97afb2a4ef551ba2906a1544332642d71713cae

  • SHA512

    c0dbe875e6fc6518687eb76cfde4fec4736089cc7ffb44586dfb7667d8710eb4698479d6ab35be5ccc2cbfbed291eac2cf0871f207377bcf3c99e76c70683ef1

  • SSDEEP

    12288:GJ9NPKK6+19YOOdhxXlrRtZrjqFAHYzNWzNeCjimEq:Q9NPKK0OkrBrmFAHYWJ7ji6

Malware Config

Targets

    • Target

      AA_v3.exe

    • Size

      755KB

    • MD5

      11bc606269a161555431bacf37f7c1e4

    • SHA1

      63c52b0ac68ab7464e2cd777442a5807db9b5383

    • SHA256

      1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed

    • SHA512

      0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f

    • SSDEEP

      12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks