General

  • Target

    1521fd02bc03bdc7228cf23a4100588d_JaffaCakes118

  • Size

    648KB

  • Sample

    241004-2brphatgrf

  • MD5

    1521fd02bc03bdc7228cf23a4100588d

  • SHA1

    3910f918b78094e2d33fe0685b59c128a1091c10

  • SHA256

    3ae3656938572bd93a2092addd8c4085bc09f106a51f9302bbcec6e7edfa45de

  • SHA512

    d3468b105c822d62bab00c7a9e8e9a4738006f3ea1fffff1017702281461be5dc43cfc3d74354872f47ddfcb984a4f5a36d22ccaed8d7d72dd05c6e7618b2e11

  • SSDEEP

    12288:qaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6Oilg6:+kK+waI8JRQMEJ2rufRtse9rtv8zlViz
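Before working with a copy of this sample obtained from another source, confirm it is the same file the report describes. The following script is an added example, not part of the sandbox report: it hashes a file in one pass with every algorithm listed above and compares the results against the values on this page. SSDEEP is deliberately left out, since fuzzy hashing needs the `ssdeep` library and a near-match is not proof of identity anyway; the four cryptographic digests are what an analyst should match exactly.

```python
import hashlib
import sys

# Digest values exactly as reported on this page for
# 1521fd02bc03bdc7228cf23a4100588d_JaffaCakes118.
REPORTED = {
    "md5": "1521fd02bc03bdc7228cf23a4100588d",
    "sha1": "3910f918b78094e2d33fe0685b59c128a1091c10",
    "sha256": "3ae3656938572bd93a2092addd8c4085bc09f106a51f9302bbcec6e7edfa45de",
    "sha512": (
        "d3468b105c822d62bab00c7a9e8e9a4738006f3ea1fffff1017702281461be5d"
        "c43cfc3d74354872f47ddfcb984a4f5a36d22ccaed8d7d72dd05c6e7618b2e11"
    ),
}
ALGORITHMS = tuple(REPORTED)


def _digest_chunks(chunks):
    """Feed every chunk to all hashers at once, so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digests of an in-memory buffer (handy for tests and for files already loaded)."""
    return _digest_chunks([data])[1]


def digest_file(path, chunk_size=1 << 16):
    """(size_in_bytes, digests) for a file on disk, read in 64 KiB chunks."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def verify(actual, expected):
    """Compare computed digests with expected ones; hex case is ignored.
    Returns (all_match, {algorithm: (expected, actual, match)})."""
    report = {}
    for name, want in expected.items():
        got = actual[name].lower()
        report[name] = (want.lower(), got, got == want.lower())
    return all(m for _, _, m in report.values()), report


def verify_bytes(data, expected=REPORTED):
    return verify(digest_bytes(data), expected)


def verify_file(path, expected=REPORTED):
    size, actual = digest_file(path)
    ok, report = verify(actual, expected)
    return ok, size, report


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    ok, size, report = verify_file(sys.argv[1])
    print(f"size: {size} bytes")
    for name, (want, got, match) in report.items():
        print(f"{name:6} {'OK ' if match else 'BAD'} {got}")
    sys.exit(0 if ok else 1)
```

A single mismatching digest means you are not holding this sample; treat the other three as irrelevant rather than "close enough". The 648KB on the page is rounded, so the byte count is printed for reference but not asserted.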

Malware Config

Targets

    • Target

      1521fd02bc03bdc7228cf23a4100588d_JaffaCakes118

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check so the sample can refuse to run on machines in certain regions. The report does not name the key that is read.

    • Drops file in System32 directory
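The two behavioural signatures above (the registry country-code lookup and the write into System32) are the kind of thing an analyst confirms by replaying a Process Monitor trace rather than trusting the sandbox label. The following is an added example, not code from the report or from the sandbox: it parses a Procmon CSV export and flags registry reads of the standard Windows locale and country keys together with file writes under System32. The report does not say which registry key this sample reads, so the key list is an assumption built from the usual locations (`HKCU\Control Panel\International\Geo\Nation`, `sCountry`/`LocaleName`, and `HKLM\...\Control\Nls\Language`). The trace lines, the process name `sample.exe` and the file name `dropped.exe` are constructed for the example.

```python
import csv
import io
import re

# Registry values that reveal the configured country or language.
# ASSUMPTION: the report does not name the key; these are the standard
# Windows locations a geofencing check would read.
LOCATION_KEYS = [
    re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),  # user GeoID
    re.compile(r"\\Control Panel\\International\\(sCountry|LocaleName|Locale)$", re.I),
    re.compile(r"\\Control\\Nls\\Language\\(Default|InstallLanguage)$", re.I),  # system language
]
REGISTRY_READ_OPS = {"RegQueryValue", "RegQueryKey"}

# A 32-bit process writing to System32 lands in SysWOW64 unless it disables
# redirection, so watch both directories.
SYSTEM32_PATH = re.compile(r"^[A-Z]:\\Windows\\(System32|SysWOW64)\\", re.I)

# Constructed Procmon CSV export (not from the report); same columns as a real export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","explorer.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"10:01:03.4","sample.exe","4100","RegOpenKey","HKCU\Control Panel\International\Geo","SUCCESS","Desired Access: Read"
"10:01:03.5","sample.exe","4100","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:03.6","sample.exe","4100","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage","SUCCESS","Type: REG_SZ, Length: 10, Data: 0409"
"10:01:04.0","sample.exe","4100","CreateFile","C:\Windows\System32\dropped.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"10:01:04.2","sample.exe","4100","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Open"
'''


def scan_procmon(csv_text):
    """Return a list of (process, pid, finding, path) tuples for the two behaviours.

    finding is "location_lookup" for a read of a locale/country value and
    "system32_drop" for a CreateFile with write access under System32/SysWOW64.
    Read-only opens of System32 files (DLL loads) are ignored."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        proc, pid = row["Process Name"], row["PID"]
        if op in REGISTRY_READ_OPS and any(k.search(path) for k in LOCATION_KEYS):
            findings.append((proc, pid, "location_lookup", path))
        elif op == "CreateFile" and SYSTEM32_PATH.match(path) and "Write" in detail:
            findings.append((proc, pid, "system32_drop", path))
    return findings


def summarize(findings):
    """Collapse findings to {pid: set(finding kinds)} so one process is reported once."""
    per_pid = {}
    for _, pid, kind, _ in findings:
        per_pid.setdefault(pid, set()).add(kind)
    return per_pid


if __name__ == "__main__":
    for proc, pid, kind, path in scan_procmon(SAMPLE_CSV):
        print(f"{proc} ({pid}): {kind}: {path}")
    print(summarize(scan_procmon(SAMPLE_CSV)))
```

The Procmon data is needed because Sysmon does not record registry reads (its registry events cover key creation, deletion and value writes), so a country-code lookup leaves no Sysmon trace; a Procmon capture or the kernel registry ETW provider is the right source. A location lookup on its own is weak evidence, since installers and updaters read the same keys; it becomes interesting when, as here, the process then writes an executable into a system directory.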

MITRE ATT&CK Enterprise v15

Tasks