General

Target: 2b5e761a3968fe2e84fa890374efaa3c_JaffaCakes118
Size: 652KB
Sample: 241009-fq9yqsvepg
MD5: 2b5e761a3968fe2e84fa890374efaa3c
SHA1: 8c9344268b7605f4888340fd9d8a094f867fd364
SHA256: 4d7fcade9b38d7cd2c853f565cbcc861dc2b2fc8f86d3a6ccb9ed41bb6577bcd
SHA512: 4a0cd66b103a1f37adea27b73f75cbc99307bfd120faf41f62c6abcdd4d1726fb109119ae0dda1fbb7ebe67e38778c6f9b5a0c6b7ca6dedba5470819346a705f
SSDEEP: 12288:QaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6pilgb:EkK+waI8JRQMEJ2rufRtse9rtv8zlWi2

Behavioral task: behavioral1
Sample: 2b5e761a3968fe2e84fa890374efaa3c_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 2b5e761a3968fe2e84fa890374efaa3c_JaffaCakes118.exe
Resource: win10v2004-20241007-en

Malware Config
Targets
Target: 2b5e761a3968fe2e84fa890374efaa3c_JaffaCakes118
Score: 10/10

FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops file in System32 directory