General
Target: 9d52fc9ac7c46a0f96d41a6b4a7f21f706fead1aad09b67901fe48fe686adca2
Size: 574KB
Sample: 221125-w1xn6ahg7s
MD5: 61e8e72fc07282bae06bf52028686f8c
SHA1: 80f89bb0c1cf40e8ee03ea77b0b1e381950c78cf
SHA256: 9d52fc9ac7c46a0f96d41a6b4a7f21f706fead1aad09b67901fe48fe686adca2
SHA512: 8255f23134def47f4f0777d04d43d2bcaf06c27338f0005cd62579ee62c68a0c9bf92873b6d1a5294e2474e91a5c458f3661c07f835138c50a4341de658d6467
SSDEEP: 12288:ubAxkgrc8CLXPMFf+DW4N8wUAP1VHp1ARnPdZSY4xRaGZ1:ubAydlzPMtuWs8LAPHInFh4LN1
Static task: static1
Behavioral task: behavioral1
  Sample: mumble-update.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: mumble-update.exe
  Resource: win10v2004-20220901-en
Malware Config
Targets
Target: mumble-update.exe
Size: 656KB
MD5: f44d1f35e8116591b31362a8130573c1
SHA1: c430eeb750e418823955b1579413e8c673c8b71d
SHA256: 381c14d65a9d2624ed7ef92e27f9e861d8f84ebc780bdb5682bb519f410b40bc
SHA512: 8cee617607c1b0f23a7271122feeb0bf693e26f315e414626ba2a95f47fe4ba78ff16b14c3b37a580031db0b9f74e5c42e8128e0f2028e34d2745879aaf78968
SSDEEP: 12288:a5xWIaf5/naxxuVtfVnV6jUKpc0YNp4c32pP2ovrEIrzLkeGY7AHzRB:wxtO5/SxuX9sJ2nN+cmR2ovrj387
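The report carries two distinct hash sets: the submitted file (574KB) and the mumble-update.exe target (656KB). The script below is an added example, not part of the sandbox report, for checking a file on disk against both sets. The hash values are copied from the report; the file path, the function names and the chunked reading are this example's own choices. SSDEEP is listed in the report but is a fuzzy hash that needs the third-party ssdeep package, so it is not computed here.

```python
"""Verify a suspect file against the MD5/SHA1/SHA256/SHA512 values in this report.

Added example, not the sandbox's own code. The hash values are copied from the
report; everything else (function names, chunk size, CLI usage) is an assumption
of this example.
"""
import hashlib
import sys

# Hash sets copied from the report, lower-case hex.
REPORT_HASHES = {
    "submitted target (574KB)": {
        "md5": "61e8e72fc07282bae06bf52028686f8c",
        "sha1": "80f89bb0c1cf40e8ee03ea77b0b1e381950c78cf",
        "sha256": "9d52fc9ac7c46a0f96d41a6b4a7f21f706fead1aad09b67901fe48fe686adca2",
        "sha512": "8255f23134def47f4f0777d04d43d2bcaf06c27338f0005cd62579ee62c68a0c9bf92873b6d1a5294e2474e91a5c458f3661c07f835138c50a4341de658d6467",
    },
    "mumble-update.exe (656KB)": {
        "md5": "f44d1f35e8116591b31362a8130573c1",
        "sha1": "c430eeb750e418823955b1579413e8c673c8b71d",
        "sha256": "381c14d65a9d2624ed7ef92e27f9e861d8f84ebc780bdb5682bb519f410b40bc",
        "sha512": "8cee617607c1b0f23a7271122feeb0bf693e26f315e414626ba2a95f47fe4ba78ff16b14c3b37a580031db0b9f74e5c42e8128e0f2028e34d2745879aaf78968",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _digest_chunks(chunks) -> dict:
    """Feed every chunk to all four hashers in one pass and return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes(data: bytes) -> dict:
    """Hash an in-memory byte string (handy for tests and small samples)."""
    return _digest_chunks([data])


def compute_file_hashes(path, chunk_size=1 << 20) -> dict:
    """Hash a file from disk in 1 MiB chunks so a large sample is never fully loaded."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_report(hashes: dict):
    """Return (label, algorithms_that_differ) for the first report entry that agrees
    with `hashes` on at least one algorithm, or None if nothing agrees.

    Partial agreement is reported rather than hidden: a confident identification
    needs every listed digest to match, and one match with three mismatches points
    at a transcription error in the IOC list, not at the sample.
    """
    for label, expected in REPORT_HASHES.items():
        compared = {a: expected[a] == hashes[a].lower() for a in ALGORITHMS if a in hashes}
        if any(compared.values()):
            return label, sorted(a for a, ok in compared.items() if not ok)
    return None


if __name__ == "__main__":
    # Usage: python verify_hashes.py <path-to-suspect-file>
    result = match_report(compute_file_hashes(sys.argv[1]))
    if result is None:
        print("no hash in this report matches the file")
    else:
        label, differing = result
        print(f"matches report entry: {label}" + (f" (differs on {differing})" if differing else ""))
```

Run it against the file you actually received; a match on the 656KB set identifies the analysed executable, while a match on the 574KB set identifies whatever was originally submitted to the sandbox.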
Score: 10/10
- AmmyyAdmin payload
- FlawedAmmyy RAT: remote-access trojan based on leaked code for the Ammyy remote admin software.
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
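To hunt for the same behaviours on a host or in a process trace, the rules below map five of the report's signatures onto trace events. This is an added example, not the sandbox's own signature engine. The trace lines are constructed for illustration (the `key=value` line format, the dropped-file name, the user path and the use of `netsh advfirewall` for the firewall change are this example's assumptions; the report does not say how the firewall was modified). The two registry locations are the standard ones: the per-user Run key, and the Geo\Nation value under Control Panel\International that holds the configured country code.

```python
"""Match a process trace against behaviours flagged in this report.

Added example, not the sandbox's own code. SAMPLE_TRACE is constructed; the
line format and file names are assumptions of this example.
"""
import re

# Constructed trace: one event per line, key=value fields, quotes around values with spaces.
SAMPLE_TRACE = """\
proc=mumble-update.exe op=FileCreate path=C:\\Users\\u\\AppData\\Roaming\\svc.exe
proc=mumble-update.exe op=RegQueryValue path="HKCU\\Control Panel\\International\\Geo\\Nation"
proc=mumble-update.exe op=RegSetValue path=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc data=C:\\Users\\u\\AppData\\Roaming\\svc.exe
proc=mumble-update.exe op=ProcessCreate image=C:\\Windows\\System32\\netsh.exe cmdline="netsh advfirewall firewall add rule name=svc dir=in action=allow program=C:\\Users\\u\\AppData\\Roaming\\svc.exe"
proc=mumble-update.exe op=ProcessCreate image=C:\\Users\\u\\AppData\\Roaming\\svc.exe cmdline="svc.exe"
proc=mumble-update.exe op=ProcessCreate image=C:\\Windows\\System32\\cmd.exe cmdline="cmd /c del C:\\Users\\u\\Downloads\\mumble-update.exe"
"""

# Well-known registry locations (compared case-insensitively).
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
GEO_NATION = "\\control panel\\international\\geo\\nation"

_FIELD = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_trace(text: str) -> list:
    """Turn key=value lines into dicts; quoted values may contain spaces."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = {}
        for m in _FIELD.finditer(line):
            fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
        events.append(fields)
    return events


def detect(events: list) -> list:
    """Return the sorted list of report signatures the events satisfy."""
    hits = set()
    dropped = set()  # executables the traced process wrote, lower-cased full paths
    for e in events:
        op = e.get("op")
        path = e.get("path", "").lower()
        image = e.get("image", "").lower()
        cmd = e.get("cmdline", "").lower()
        proc = e.get("proc", "").lower()
        if op == "FileCreate" and path.endswith((".exe", ".dll")):
            dropped.add(path)
        elif op == "RegSetValue" and RUN_KEY in path:
            hits.add("Adds Run key to start application")
        elif op == "RegQueryValue" and path.endswith(GEO_NATION):
            hits.add("Checks computer location settings")
        elif op == "ProcessCreate":
            if image.endswith("\\netsh.exe") and "advfirewall" in cmd:
                hits.add("Modifies Windows Firewall")
            if image in dropped:  # a file this process wrote is now being run
                hits.add("Executes dropped EXE")
            if " del " in cmd and proc and proc in cmd:  # the process deletes its own image
                hits.add("Deletes itself")
    return sorted(hits)


if __name__ == "__main__":
    for sig in detect(parse_trace(SAMPLE_TRACE)):
        print(sig)
```

"Executes dropped EXE" deliberately requires an earlier FileCreate from the same trace, so a legitimate updater launching a pre-existing binary does not fire it; the Run-key rule on its own is weak evidence and is best read together with the other hits, as the report's 10/10 score does.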