General

  • Target

    2b5e761a3968fe2e84fa890374efaa3c_JaffaCakes118

  • Size

    652KB

  • Sample

    241009-fq9yqsvepg

  • MD5

    2b5e761a3968fe2e84fa890374efaa3c

  • SHA1

    8c9344268b7605f4888340fd9d8a094f867fd364

  • SHA256

    4d7fcade9b38d7cd2c853f565cbcc861dc2b2fc8f86d3a6ccb9ed41bb6577bcd

  • SHA512

    4a0cd66b103a1f37adea27b73f75cbc99307bfd120faf41f62c6abcdd4d1726fb109119ae0dda1fbb7ebe67e38778c6f9b5a0c6b7ca6dedba5470819346a705f

  • SSDEEP

    12288:QaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6pilgb:EkK+waI8JRQMEJ2rufRtse9rtv8zlWi2

Malware Config

Targets

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks