ammyyadmin | 9d521a12299ad71e18acc10327b5c004ade38bddec8b6bbb09db4729927931ff | Triage

Sharing

General

Target

9d521a12299ad71e18acc10327b5c004ade38bddec8b6bbb09db4729927931ff
Size

675KB
Sample

221209-x4b3asgh5w
MD5

55458c9836159cc786319350ed25d0bb
SHA1

c720df3d8e793f27ba2be398922e73a415ed9f7c
SHA256

9d521a12299ad71e18acc10327b5c004ade38bddec8b6bbb09db4729927931ff
SHA512

55661143ffdbb52c9f730e9c7e956c11a6af4f947da133fd20d59bccb50efb8188e7bb9262e9049f58e09d92b034c481d89f827c8eb7e0469d3b56e27e4f4d74
SSDEEP

12288:kaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6/iegDj:YkK+waI8JRQMEJ2rufRtse9rtv8zlwi7

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  9d521a12299ad71e18acc10327b5c004ade38bddec8b6bbb09db4729927931ff
- Size
  
  675KB
- MD5
  
  55458c9836159cc786319350ed25d0bb
- SHA1
  
  c720df3d8e793f27ba2be398922e73a415ed9f7c
- SHA256
  
  9d521a12299ad71e18acc10327b5c004ade38bddec8b6bbb09db4729927931ff
- SHA512
  
  55661143ffdbb52c9f730e9c7e956c11a6af4f947da133fd20d59bccb50efb8188e7bb9262e9049f58e09d92b034c481d89f827c8eb7e0469d3b56e27e4f4d74
- SSDEEP
  
  12288:kaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6/iegDj:YkK+waI8JRQMEJ2rufRtse9rtv8zlwi7
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan