General

  • Target

    3a2e6d51b199bb631eea59c8cac27902_JaffaCakes118

  • Size

    768KB

  • Sample

    241012-qdnvvasbje

  • MD5

    3a2e6d51b199bb631eea59c8cac27902

  • SHA1

    18dc174c9a25f5dcf1777cfeed0e97b5c5f7eb4c

  • SHA256

    bca57f1b02cb2521fbcbb1f36f99dc2e47ec6df6bc88f24ec000b96c0f032592

  • SHA512

    662c75d6964317b8bb7d451a543f3da28e134d22dd558f677c3d357e413e243efe775a6ba562071257d07e8318569bd751d08100f5353b9821ed7d2bccefc6d5

  • SSDEEP

    12288:jXe1Z2fJipMHEgSeA6M7kmchJGvRuORtcE9qTpy+Yg0HkV+UgWRDkj9tyTEAjRc0:ztkmHEgSewkmchJGsORtn9qT8+Yg03ZU

Malware Config

Targets

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks