General

  • Target

    a7bfd722b2c69c4c7a77b5e34b4acb06_JaffaCakes118

  • Size

    404KB

  • Sample

    241127-n52vnssnaz

  • MD5

    a7bfd722b2c69c4c7a77b5e34b4acb06

  • SHA1

    22abce2983ef8bf4bc3a2b0c7d447529d099b528

  • SHA256

    efa1fccd69461c3ae5553242b593b5ec123339757287c45280a24f685cfe041e

  • SHA512

    3d13625e21c185ec2204f09fcf2cf8dd5e808b6e68b5ba0001933572b6b1d3812aadb3cecbc64e2917ff7b74187931618d4713bb0137cf707bf671eef7bf8072

  • SSDEEP

    12288:1JrdpurM2GMOFIjmb5/nD0uyqtC4n9D5UATL4NqV:1ZGM2wemb5/D0uy2C4n9DeA4i

Malware Config

Targets

    • Target

      AA_v3.exe

    • Size

      778KB

    • MD5

      121e1634bf18768802427f0a13f039a9

    • SHA1

      8868654ba10fb4c9a7bd882d1f947f4fd51e988e

    • SHA256

      5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa

    • SHA512

      393df326af3109fe701b579b73f42f7a9b155bb4df6ea7049ad3ae9fdd03446576b887a99eb7a0d59949a7a63367e223253448b6f1a0ebeaf358fa2873dcc200

    • SSDEEP

      12288:hSX+EvrCA3FNIs34Zk1L1ZSNlm3Spsal6lbRtMuStGKcsCSqcl90Va1ugp:2FNN4Zk1LTclm3e1kbRtyGKcpHcl517p

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Flawedammyy family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks