General
Target: 1521fd02bc03bdc7228cf23a4100588d_JaffaCakes118
Size: 648KB
Sample: 241004-2brphatgrf
MD5: 1521fd02bc03bdc7228cf23a4100588d
SHA1: 3910f918b78094e2d33fe0685b59c128a1091c10
SHA256: 3ae3656938572bd93a2092addd8c4085bc09f106a51f9302bbcec6e7edfa45de
SHA512: d3468b105c822d62bab00c7a9e8e9a4738006f3ea1fffff1017702281461be5dc43cfc3d74354872f47ddfcb984a4f5a36d22ccaed8d7d72dd05c6e7618b2e11
SSDEEP: 12288:qaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6Oilg6:+kK+waI8JRQMEJ2rufRtse9rtv8zlViz
Behavioral task: behavioral1
Sample: 1521fd02bc03bdc7228cf23a4100588d_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 1521fd02bc03bdc7228cf23a4100588d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 1521fd02bc03bdc7228cf23a4100588d_JaffaCakes118
Score: 10/10

FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops file in System32 directory