General
-
Target
JaffaCakes118_5d2137ab7f4b088bcd12b404fc729a65
-
Size
2.6MB
-
Sample
250310-fdqdkatkx8
-
MD5
5d2137ab7f4b088bcd12b404fc729a65
-
SHA1
1ea77258a21abcacd4bf2532a5cac053d44f9bf3
-
SHA256
04dfc2d7d62ce65e75eef08074e860200c815d2f0ca59be184936e56a5a8a228
-
SHA512
6fc608e172d54c3f433190751bce0774cf43ec2d66b1e21a8a5399b25b0535200343792fae062edb4e65e9e79c2b7e27e1d3c367c748cb4bf6486370e2fc8d12
-
SSDEEP
49152:pyyFFmHLyvVbZWgDDdhV6BcRa5g8BtXxA8D2A79zcOPMrGisNSF+CW:pyyFEHLsVdDDxY5g8/3D2A79zcoUGiE
Malware Config
Targets
-
-
Target
JaffaCakes118_5d2137ab7f4b088bcd12b404fc729a65
-
Size
2.6MB
-
MD5
5d2137ab7f4b088bcd12b404fc729a65
-
SHA1
1ea77258a21abcacd4bf2532a5cac053d44f9bf3
-
SHA256
04dfc2d7d62ce65e75eef08074e860200c815d2f0ca59be184936e56a5a8a228
-
SHA512
6fc608e172d54c3f433190751bce0774cf43ec2d66b1e21a8a5399b25b0535200343792fae062edb4e65e9e79c2b7e27e1d3c367c748cb4bf6486370e2fc8d12
-
SSDEEP
49152:pyyFFmHLyvVbZWgDDdhV6BcRa5g8BtXxA8D2A79zcOPMrGisNSF+CW:pyyFEHLsVdDDxY5g8/3D2A79zcoUGiE
Score10/10-
Ammyy Admin
Remote admin tool with various capabilities.
-
AmmyyAdmin payload
-
Ammyyadmin family
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-