flawedammyy | 43834f452190b6f36ce8bb603b76e44feb45761eb70eae5dee2ac8db17d560ee | Triage

Submit
Reports

Overview

overview

Static

static

1813cdbea0...35.exe

windows7-x64

1813cdbea0...35.exe

windows10-2004-x64

8

Sharing

General

Target

1813cdbea071efd7e0b261e0b1f47635
Size

7.6MB
Sample

221125-dzt8jacb8z
MD5

1813cdbea071efd7e0b261e0b1f47635
SHA1

cb7bfedfa84c2de310fdf36b6fac39c6d8a6c971
SHA256

43834f452190b6f36ce8bb603b76e44feb45761eb70eae5dee2ac8db17d560ee
SHA512

a5ac24cff7a276acc8d629dcb170c51ee8c1d65960f0fbf105a775264a63264bfb126008e5ea4daba812ef1d79881bda3e077bb1349166d474a609dd06e65b77
SSDEEP

196608:4AId0+vNSQpice0XxZcTjfKYQGj8jFDO/3V1hoGv:4zm+v9eeQjCBnjNO/FTXv

Score

10^/10

flawedammyy discovery evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

1813cdbea071efd7e0b261e0b1f47635.exe

Resource

win7-20220812-en

flawedammyy discovery evasion persistence trojan upx

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

1813cdbea071efd7e0b261e0b1f47635.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  1813cdbea071efd7e0b261e0b1f47635
- Size
  
  7.6MB
- MD5
  
  1813cdbea071efd7e0b261e0b1f47635
- SHA1
  
  cb7bfedfa84c2de310fdf36b6fac39c6d8a6c971
- SHA256
  
  43834f452190b6f36ce8bb603b76e44feb45761eb70eae5dee2ac8db17d560ee
- SHA512
  
  a5ac24cff7a276acc8d629dcb170c51ee8c1d65960f0fbf105a775264a63264bfb126008e5ea4daba812ef1d79881bda3e077bb1349166d474a609dd06e65b77
- SSDEEP
  
  196608:4AId0+vNSQpice0XxZcTjfKYQGj8jFDO/3V1hoGv:4zm+v9eeQjCBnjNO/FTXv
Score

10^/10

flawedammyy discovery evasion persistence trojan upx
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Account Manipulation

Modify Existing Service

New Service

Scheduled Task

Privilege Escalation

New Service

Scheduled Task

Defense Evasion

Impair Defenses

Install Root Certificate

Modify Registry

Credential Access

Account Manipulation

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

flawedammyydiscoveryevasionpersistencetrojanupx

behavioral2

© 2018-2025

Terms | Privacy