General

  • Target

    1954f7c5cf2ed21665937051cdb8b9d4_JaffaCakes118

  • Size

    330KB

  • Sample

    241006-xxjhssvfpd

  • MD5

    1954f7c5cf2ed21665937051cdb8b9d4

  • SHA1

    37b324eb046260d19fa038b6829a06aa5ae73af8

  • SHA256

    b29d4f97b9274450f159bd7e712738814b6643140be3ecb8e37a4c3aaec9354c

  • SHA512

    bec30d6156da8b0e04a8831057eeb3d208e4385ee9d917d6c11a46eeac7e2e2b53502b10395e6d295caf5732d62a881d006e6f076e6ce653647eee5f8d57df80

  • SSDEEP

    6144:ANuIJXtgwj5YkigHnoAlBKeUHM9V0WGqfiK6vRuTFzHteF2MmH0q/LTgv:AoI13j5YkdBKpHCBLiK+uTFzHteXmvjY

Malware Config

Targets

    • Target

      1954f7c5cf2ed21665937051cdb8b9d4_JaffaCakes118


    • Ammyy Admin

      Remote administration tool with remote desktop, file transfer and remote control capabilities; legitimate in itself, but the code base behind the FlawedAmmyy RAT detected below.

    • AmmyyAdmin payload

    • FlawedAmmyy RAT

      Remote-access trojan built from the leaked Ammyy Admin source code.

    • Checks computer location settings

      Queries the country code stored in the registry (the Windows location setting), commonly a geofence so the sample can refuse to run in particular regions.

    • UPX packed file

      The executable is packed with UPX or a modified UPX build (open-source packer); unpack it before static analysis of the underlying code.
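
The location check above is a registry read, which Sysmon does not log (its registry events cover key/value creation, deletion and modification only), so it is usually confirmed from a Procmon capture. The following is an added example, not output from this report or the sandbox: it runs detection logic over a constructed Procmon-style CSV excerpt to find processes that successfully read the GeoID value. The key watched, HKCU\Control Panel\International\Geo\Nation, is where Windows stores the location setting (GeoID 244 is the United States); that this is the exact key the sandbox signature matches is an assumption, as the report does not say. The process name, PID and log lines are constructed.

```python
"""Flag processes that read the Windows location (GeoID) value from the
registry, the behaviour behind the 'Checks computer location settings' hit.
Added example over a constructed Procmon-style CSV, not sandbox output."""
import csv
import io
import re
from collections import defaultdict

# Windows location setting; Nation holds the GeoID as a decimal string.
# Assumption: this is the key the sandbox signature watches (not stated on the page).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.IGNORECASE)
READ_OPS = {"RegQueryValue", "RegQueryValueEx"}   # Procmon reports value reads as RegQueryValue

# Constructed log excerpt (hypothetical PIDs and timings), Procmon CSV export layout.
SAMPLE_LOG = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:00:01","1954f7c5cf2ed21665937051cdb8b9d4_JaffaCakes118.exe","4120","RegOpenKey","HKCU\Control Panel\International\Geo","SUCCESS",""
"12:00:01","1954f7c5cf2ed21665937051cdb8b9d4_JaffaCakes118.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Data: 244"
"12:00:01","1954f7c5cf2ed21665937051cdb8b9d4_JaffaCakes118.exe","4120","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\Default","SUCCESS","Type: REG_SZ, Data: 0409"
"12:00:02","explorer.exe","1320","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Data: 2"
"12:00:03","svchost.exe","900","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","NAME NOT FOUND",""
""".strip()


def geofence_reads(csv_text: str) -> dict:
    """Map (process, pid) -> registry paths for every successful read of the GeoID value.
    Failed reads (e.g. NAME NOT FOUND) are ignored: the process learned nothing."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in READ_OPS or row["Result"] != "SUCCESS":
            continue
        if GEO_KEY.search(row["Path"]):
            hits[(row["Process Name"], int(row["PID"]))].append(row["Path"])
    return dict(hits)


def geoid_read(csv_text: str) -> dict:
    """GeoID each process actually received, parsed from Procmon's Detail column."""
    seen = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        m = re.search(r"Data: (\d+)", row["Detail"])
        if GEO_KEY.search(row["Path"]) and row["Result"] == "SUCCESS" and m:
            seen[row["Process Name"]] = int(m.group(1))
    return seen


if __name__ == "__main__":
    for (proc, pid), paths in geofence_reads(SAMPLE_LOG).items():
        print(f"{proc} (pid {pid}) read location setting: {paths}")
    print("GeoID values returned:", geoid_read(SAMPLE_LOG))
```

To test the geofence hypothesis rather than infer it, rerun the sample in the sandbox VM with a different value in HKCU\Control Panel\International\Geo\Nation and compare whether the Ammyy payload is still dropped.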

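The UPX hit is a static property of the file and is cheap to verify yourself from the PE section table. The following is an added example, not code from the report or from the sandbox vendor: it walks the COFF section headers of a PE image and reports the three signals a UPX check relies on (UPX-named sections, a section that is empty on disk but large in memory, and a near-8-bit-entropy section holding the compressed payload), plus the "UPX!" magic stock UPX leaves just past the headers. The two PE images it checks are constructed in memory by a small builder, so the layout (section sizes, alignment, the SHA-256 chain used as stand-in compressed data) is hypothetical and not the 330KB sample described above.

```python
"""Section-table check for UPX packing, run over constructed PE images.
Added example; not output of the sandbox and not the analysed sample."""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Walk the COFF section table; yields (name, raw_ptr, raw_size, virtual_size)."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size               # COFF file header is 20 bytes
    for i in range(num_sections):
        off = table + 40 * i                   # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, rptr, rsize, vsize


def upx_indicators(image: bytes) -> dict:
    """Three independent signals: UPX section names; a section empty on disk but
    large in memory (UPX0, where the original image is rebuilt); a near-8.0
    entropy section carrying the compressed payload (UPX1)."""
    names, max_entropy, empty_raw = [], 0.0, False
    for name, rptr, rsize, vsize in pe_sections(image):
        names.append(name)
        if rsize == 0 and vsize > 0:
            empty_raw = True
        max_entropy = max(max_entropy, shannon_entropy(image[rptr:rptr + rsize]))
    upx_names = sorted(n.decode() for n in names if n in UPX_SECTION_NAMES)
    marker = b"UPX!" in image                 # stock UPX magic, left after the headers
    return {
        "upx_names": upx_names,
        "empty_raw_section": empty_raw,
        "max_section_entropy": round(max_entropy, 2),
        "has_upx_marker": marker,
        # Modified UPX builds often rename sections, so names alone are not enough.
        "likely_upx": bool(upx_names) or marker or (empty_raw and max_entropy > 7.0),
    }


# ---- constructed test images (hypothetical layout, not the analysed sample) ----
def _pseudo_random(n: int, seed: bytes = b"upx-demo") -> bytes:
    """Deterministic high-entropy filler standing in for compressed data."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


def build_pe(sections, header_tail: bytes = b"") -> bytes:
    """Minimal PE32 image from (name, virtual_size, raw_bytes) triples."""
    e_lfanew, opt_size = 0x40, 0xE0
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + len(header_tail)
    raw_start = (hdr_end + 0x1FF) & ~0x1FF     # file alignment 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body, rptr, vaddr = b"", b"", raw_start, 0x1000
    for name, vsize, raw in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, vaddr, len(raw), rptr if raw else 0)
        table += struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020)
        body, rptr, vaddr = body + raw, rptr + len(raw), vaddr + ((vsize + 0xFFF) & ~0xFFF)
    image = dos + b"PE\0\0" + coff + opt + table + header_tail
    return image + b"\0" * (raw_start - len(image)) + body


PACKED = build_pe([(b"UPX0", 0x10000, b""), (b"UPX1", 0x8000, _pseudo_random(0x2000)),
                   (b".rsrc", 0x1000, b"\0" * 0x200)], header_tail=b"UPX!")
PLAIN = build_pe([(b".text", 0x1000, b"\x90" * 0x400 + b"\xc3"),
                  (b".data", 0x1000, b"hello world" * 40), (b".rsrc", 0x1000, b"\0" * 0x200)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

On a real file, call upx_indicators(open(path, "rb").read()); if it reports likely_upx but the stock unpacker fails, the modified-UPX case the signature text mentions is in play and the sample has to be dumped from memory after the stub finishes decompressing.
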
MITRE ATT&CK Enterprise v15

Tasks