General

  • Target

    0dcf6b80de9636e9f2d58825842404ee_JaffaCakes118

  • Size

    704KB

  • Sample

    241003-ej5j1atcnl

  • MD5

    0dcf6b80de9636e9f2d58825842404ee

  • SHA1

    56197059d0319560d256b067a90b01131cd44733

  • SHA256

    8d6e783c42531ba3a8c823293d399c08f0ef07c007213f40f253aea1ddfc7dfe

  • SHA512

    91bf4a8336420555d31bbd94c079f56575386c2a9659956def2be780c06ba6eb8b04a447c9109d739b081be0fd37248a077ac6381d05af0b54d393053d25a996

  • SSDEEP

    12288:YKHp9fDIItMm2o44sGTdBqWvwD+8ChCbW3XTjY1r1RtH8ePhAU5u0AhpZxAhkg1:YorLkbDEhyW3XS1RtcePKUBATZx81

Targets

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
