General
-
Target
af229857b2b9b1b7f5e66e8a64579a5e_JaffaCakes118
-
Size
324KB
-
Sample
241026-wtgz5axhpm
-
MD5
af229857b2b9b1b7f5e66e8a64579a5e
-
SHA1
eb2c84e39b67dc9d33fc813f2b04abe696ffce0d
-
SHA256
2d068d78cdb398b0804690ba569695a08bf87dc8e91faa56194d6b6309aa9f97
-
SHA512
b8405536d3aa400a3bc5c41b950f67c9295dfbb9114aa3252106ad0606b51625edda938873c8bc00633582101f35e54982d955b075d18db0d653c4686a933dbe
-
SSDEEP
6144:VmjdtarwoDMsPSY79HDGzTZkjg0qmPkuoSVvCoXrgv7pLKV8n:VA2rwYMrSjGHd0qOkrfegvgV+
Behavioral task
behavioral1
Sample
AA_v3.2.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
AA_v3.2.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
AA_v3.2.exe
-
Size
722KB
-
MD5
45c9b54d66cbcc2de89f93e25f368a45
-
SHA1
2e5265f35f75a50c89e592e127bc80e1e45aa840
-
SHA256
349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a
-
SHA512
25c3f1ec6d2e233464090f584777b15f18acfd1cb12124c236680689545ec8208bc364d26d7202e38368dbec34cd824600afb51845df8c9de8c8e83fba8d8b1f
-
SSDEEP
12288:x2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEgK:xSIp2Ydd6SVcpz1RtXpGadsbShK
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-