General
-
Target
a7bfd722b2c69c4c7a77b5e34b4acb06_JaffaCakes118
-
Size
404KB
-
Sample
241127-n52vnssnaz
-
MD5
a7bfd722b2c69c4c7a77b5e34b4acb06
-
SHA1
22abce2983ef8bf4bc3a2b0c7d447529d099b528
-
SHA256
efa1fccd69461c3ae5553242b593b5ec123339757287c45280a24f685cfe041e
-
SHA512
3d13625e21c185ec2204f09fcf2cf8dd5e808b6e68b5ba0001933572b6b1d3812aadb3cecbc64e2917ff7b74187931618d4713bb0137cf707bf671eef7bf8072
-
SSDEEP
12288:1JrdpurM2GMOFIjmb5/nD0uyqtC4n9D5UATL4NqV:1ZGM2wemb5/D0uy2C4n9DeA4i
Behavioral task
behavioral1
Sample
AA_v3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
AA_v3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
AA_v3.exe
-
Size
778KB
-
MD5
121e1634bf18768802427f0a13f039a9
-
SHA1
8868654ba10fb4c9a7bd882d1f947f4fd51e988e
-
SHA256
5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa
-
SHA512
393df326af3109fe701b579b73f42f7a9b155bb4df6ea7049ad3ae9fdd03446576b887a99eb7a0d59949a7a63367e223253448b6f1a0ebeaf358fa2873dcc200
-
SSDEEP
12288:hSX+EvrCA3FNIs34Zk1L1ZSNlm3Spsal6lbRtMuStGKcsCSqcl90Va1ugp:2FNN4Zk1LTclm3e1kbRtyGKcpHcl517p
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-