General
-
Target
3a2e6d51b199bb631eea59c8cac27902_JaffaCakes118
-
Size
768KB
-
Sample
241012-qdnvvasbje
-
MD5
3a2e6d51b199bb631eea59c8cac27902
-
SHA1
18dc174c9a25f5dcf1777cfeed0e97b5c5f7eb4c
-
SHA256
bca57f1b02cb2521fbcbb1f36f99dc2e47ec6df6bc88f24ec000b96c0f032592
-
SHA512
662c75d6964317b8bb7d451a543f3da28e134d22dd558f677c3d357e413e243efe775a6ba562071257d07e8318569bd751d08100f5353b9821ed7d2bccefc6d5
-
SSDEEP
12288:jXe1Z2fJipMHEgSeA6M7kmchJGvRuORtcE9qTpy+Yg0HkV+UgWRDkj9tyTEAjRc0:ztkmHEgSewkmchJGsORtn9qT8+Yg03ZU
Behavioral task
behavioral1
Sample
3a2e6d51b199bb631eea59c8cac27902_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
3a2e6d51b199bb631eea59c8cac27902_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
3a2e6d51b199bb631eea59c8cac27902_JaffaCakes118
-
Size
768KB
-
MD5
3a2e6d51b199bb631eea59c8cac27902
-
SHA1
18dc174c9a25f5dcf1777cfeed0e97b5c5f7eb4c
-
SHA256
bca57f1b02cb2521fbcbb1f36f99dc2e47ec6df6bc88f24ec000b96c0f032592
-
SHA512
662c75d6964317b8bb7d451a543f3da28e134d22dd558f677c3d357e413e243efe775a6ba562071257d07e8318569bd751d08100f5353b9821ed7d2bccefc6d5
-
SSDEEP
12288:jXe1Z2fJipMHEgSeA6M7kmchJGvRuORtcE9qTpy+Yg0HkV+UgWRDkj9tyTEAjRc0:ztkmHEgSewkmchJGsORtn9qT8+Yg03ZU
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-