ammyyadmin | a85e5dadcd628cd78683aa30dfeb5476e77ae077a8bc27d3f9cee4c314b46dc8 | Triage

Sharing

General

Target

a85e5dadcd628cd78683aa30dfeb5476e77ae077a8bc27d3f9cee4c314b46dc8
Size

701KB
Sample

221209-x4czlaea25
MD5

e6eeded729ebd42a03d6d80922893a00
SHA1

5aed3518f75571f8f143f7544c8082d2ae4ac4d5
SHA256

a85e5dadcd628cd78683aa30dfeb5476e77ae077a8bc27d3f9cee4c314b46dc8
SHA512

d87f2a9b17206122725152dccdba3d713dfbed24b5cbed68217cc8ad1ba1ec13e15bb68bfb2c4cd150573cf4b670604f8777a3b9e5df357cd9f5acc01a91316e
SSDEEP

12288:iQCs07y2blQDJy++/l21RtSckhw7hZ+Ehg3:Ys07dlQDJyq1Rtlki7hZ+x3

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  a85e5dadcd628cd78683aa30dfeb5476e77ae077a8bc27d3f9cee4c314b46dc8
- Size
  
  701KB
- MD5
  
  e6eeded729ebd42a03d6d80922893a00
- SHA1
  
  5aed3518f75571f8f143f7544c8082d2ae4ac4d5
- SHA256
  
  a85e5dadcd628cd78683aa30dfeb5476e77ae077a8bc27d3f9cee4c314b46dc8
- SHA512
  
  d87f2a9b17206122725152dccdba3d713dfbed24b5cbed68217cc8ad1ba1ec13e15bb68bfb2c4cd150573cf4b670604f8777a3b9e5df357cd9f5acc01a91316e
- SSDEEP
  
  12288:iQCs07y2blQDJy++/l21RtSckhw7hZ+Ehg3:Ys07dlQDJyq1Rtlki7hZ+x3
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan