General

  • Target

    ef18c0cfe98199f30ff9a635bb598621_JaffaCakes118

  • Size

    648KB

  • Sample

    241214-q877zawkcj

  • MD5

    ef18c0cfe98199f30ff9a635bb598621

  • SHA1

    c445b4ee969c04067b485a9bbb5e3e54554aae42

  • SHA256

    9b09e534cb648efcc4e433ef991a1e754fed130a4600faafc3455484cc9747ec

  • SHA512

    4562ff9fd079c7d3880f02a2d30f685ad9b8409fe6d0f45c61dc8d7814a62aa66702f40e96e2e37568c29acd3c3b6b33c04722578504adafd8e7abff3b0a80dc

  • SSDEEP

    12288:WaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6cilgjD:qkK+waI8JRQMEJ2rufRtse9rtv8zlnii

Targets

    • Target

      ef18c0cfe98199f30ff9a635bb598621_JaffaCakes118

    • FlawedAmmyy RAT

      Remote-access trojan built from the leaked source code of the Ammyy Admin remote-administration tool.

    • Flawedammyy family

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence to decide whether the sample should run on this machine.

    • Drops file in System32 directory
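
As an added example (not code from the sandbox or from this report), the following Python re-implements the two behavioural signatures listed above and runs them over constructed JSON-lines events. The event schema (`pid`, `op`, `path`), the operation names, the decision to key the location check on the `Control Panel\International\Geo` key and the drop check on the `C:\Windows\System32\` prefix are assumptions for illustration, not the sandbox's actual rule logic.

```python
import json
import re

# Constructed sample events (not taken from the report). The JSON-lines shape and
# the field names "pid", "op" and "path" are assumptions for this example.
SAMPLE_EVENTS = r"""
{"pid": 1284, "op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 1284, "op": "RegQueryValue", "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}
{"pid": 1284, "op": "FileCreate", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts.bak"}
{"pid": 1284, "op": "FileCreate", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\settings3.bin"}
{"pid": 1284, "op": "FileCreate", "path": "C:\\Windows\\SysWOW64\\other\\x.dll"}
{"pid": 1284, "op": "FileCreate", "path": "C:\\Windows\\System32Extra\\y.dll"}
{"pid": 3001, "op": "RegQueryValue", "path": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Locale"}
{"pid": 1284, "op": "FileWrite", "path": "\\??\\C:\\WINDOWS\\system32\\svchost.ini"}
"""

# HKCU\Control Panel\International\Geo holds the user's configured country (GeoID).
# Matching on this subkey (and not on the wider locale keys) is an assumption of
# this example; the sandbox's own rule may be broader.
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo(\\|$)")

# Trailing separator so that "System32Extra" or "SysWOW64" never match.
SYSTEM32_DIR = "c:\\windows\\system32\\"

REG_READ_OPS = {"regqueryvalue", "regopenkey"}
FILE_WRITE_OPS = {"filecreate", "filewrite"}


def normalize_path(path):
    """Lower-case the path (Windows paths are case-insensitive) and strip the
    NT object-manager prefixes so that \\??\\C:\\... compares like C:\\..."""
    p = path.strip()
    for prefix in ("\\??\\", "\\\\?\\"):
        if p.startswith(prefix):
            p = p[len(prefix):]
    return p.lower()


def is_geofence_lookup(op, path):
    """Registry read of the configured country code (the location check)."""
    return op.lower() in REG_READ_OPS and GEO_KEY_RE.search(normalize_path(path)) is not None


def is_system32_drop(op, path):
    """File creation or write directly under C:\\Windows\\System32\\."""
    return op.lower() in FILE_WRITE_OPS and normalize_path(path).startswith(SYSTEM32_DIR)


# Signature names follow the labels used in the report above.
SIGNATURES = {
    "Checks computer location settings": is_geofence_lookup,
    "Drops file in System32 directory": is_system32_drop,
}


def run_signatures(event_lines):
    """Return {signature name: [(pid, original path), ...]} over JSON-lines events."""
    hits = {name: [] for name in SIGNATURES}
    for line in event_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for name, check in SIGNATURES.items():
            if check(ev["op"], ev["path"]):
                hits[name].append((ev["pid"], ev["path"]))
    return hits


if __name__ == "__main__":
    for name, matches in run_signatures(SAMPLE_EVENTS).items():
        print(name)
        for pid, path in matches:
            print(f"  pid {pid}: {path}")
```

The two negative cases in the sample (a write under `System32Extra` and a read of the `Nls\Locale` key) are there to show why the prefix keeps its trailing separator and why the location check is pinned to the `Geo` subkey rather than any locale-related key.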

MITRE ATT&CK Enterprise v15
