General

  • Target

    af229857b2b9b1b7f5e66e8a64579a5e_JaffaCakes118

  • Size

    324KB

  • Sample

    241026-wtgz5axhpm

  • MD5

    af229857b2b9b1b7f5e66e8a64579a5e

  • SHA1

    eb2c84e39b67dc9d33fc813f2b04abe696ffce0d

  • SHA256

    2d068d78cdb398b0804690ba569695a08bf87dc8e91faa56194d6b6309aa9f97

  • SHA512

    b8405536d3aa400a3bc5c41b950f67c9295dfbb9114aa3252106ad0606b51625edda938873c8bc00633582101f35e54982d955b075d18db0d653c4686a933dbe

  • SSDEEP

    6144:VmjdtarwoDMsPSY79HDGzTZkjg0qmPkuoSVvCoXrgv7pLKV8n:VA2rwYMrSjGHd0qOkrfegvgV+

Malware Config

Targets

    • Target

      AA_v3.2.exe

    • Size

      722KB

    • MD5

      45c9b54d66cbcc2de89f93e25f368a45

    • SHA1

      2e5265f35f75a50c89e592e127bc80e1e45aa840

    • SHA256

      349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a

    • SHA512

      25c3f1ec6d2e233464090f584777b15f18acfd1cb12124c236680689545ec8208bc364d26d7202e38368dbec34cd824600afb51845df8c9de8c8e83fba8d8b1f

    • SSDEEP

      12288:x2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEgK:xSIp2Ydd6SVcpz1RtXpGadsbShK

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Flawedammyy family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks