ammyyadmin | ebc69b5bde229922bf3067e8943a476a38c6914f727323bef5908fc46ae29168 | Triage

Sharing

General

Target

ebc69b5bde229922bf3067e8943a476a38c6914f727323bef5908fc46ae29168
Size

684KB
Sample

221206-gwxq2aba65
MD5

a0a4d0bd41b9c117569f8a1e46a00a3a
SHA1

add33562f3ddedf3c5fb89814f26eb46f90d8d34
SHA256

ebc69b5bde229922bf3067e8943a476a38c6914f727323bef5908fc46ae29168
SHA512

63be9ad4ee7859c1b900d8568f8acdfa52dccf1a1576e9d66a50e9da73d19e8225dc1ceb43b8e659081b7cf85c9122ee3aa75caa98aec4519d12abe728fe6618
SSDEEP

12288:dqpX2zPf0bvoLsU+FKN0fCskD1RtcnzepMqBCzzgf:wOPMrGL+FKNAe1RtkzepMqBCIf

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  ebc69b5bde229922bf3067e8943a476a38c6914f727323bef5908fc46ae29168
- Size
  
  684KB
- MD5
  
  a0a4d0bd41b9c117569f8a1e46a00a3a
- SHA1
  
  add33562f3ddedf3c5fb89814f26eb46f90d8d34
- SHA256
  
  ebc69b5bde229922bf3067e8943a476a38c6914f727323bef5908fc46ae29168
- SHA512
  
  63be9ad4ee7859c1b900d8568f8acdfa52dccf1a1576e9d66a50e9da73d19e8225dc1ceb43b8e659081b7cf85c9122ee3aa75caa98aec4519d12abe728fe6618
- SSDEEP
  
  12288:dqpX2zPf0bvoLsU+FKN0fCskD1RtcnzepMqBCzzgf:wOPMrGL+FKNAe1RtkzepMqBCIf
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan