General
-
Target
ef18c0cfe98199f30ff9a635bb598621_JaffaCakes118
-
Size
648KB
-
Sample
241214-q877zawkcj
-
MD5
ef18c0cfe98199f30ff9a635bb598621
-
SHA1
c445b4ee969c04067b485a9bbb5e3e54554aae42
-
SHA256
9b09e534cb648efcc4e433ef991a1e754fed130a4600faafc3455484cc9747ec
-
SHA512
4562ff9fd079c7d3880f02a2d30f685ad9b8409fe6d0f45c61dc8d7814a62aa66702f40e96e2e37568c29acd3c3b6b33c04722578504adafd8e7abff3b0a80dc
-
SSDEEP
12288:WaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6cilgjD:qkK+waI8JRQMEJ2rufRtse9rtv8zlnii
Behavioral task
behavioral1
Sample
ef18c0cfe98199f30ff9a635bb598621_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
ef18c0cfe98199f30ff9a635bb598621_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
ef18c0cfe98199f30ff9a635bb598621_JaffaCakes118
-
Size
648KB
-
MD5
ef18c0cfe98199f30ff9a635bb598621
-
SHA1
c445b4ee969c04067b485a9bbb5e3e54554aae42
-
SHA256
9b09e534cb648efcc4e433ef991a1e754fed130a4600faafc3455484cc9747ec
-
SHA512
4562ff9fd079c7d3880f02a2d30f685ad9b8409fe6d0f45c61dc8d7814a62aa66702f40e96e2e37568c29acd3c3b6b33c04722578504adafd8e7abff3b0a80dc
-
SSDEEP
12288:WaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6cilgjD:qkK+waI8JRQMEJ2rufRtse9rtv8zlnii
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-