ammyyadmin | e6df798cbf2e7300cdfae4fe81f08cd56d16aff907ff7e64af41165675f0660c | Triage

Submit
Reports

Overview

overview

Static

static

6BB935AA9C...08.exe

windows7-x64

6BB935AA9C...08.exe

windows10-2004-x64

Sharing

General

Target

6BB935AA9CF2F6747742FC1F7A539B08.fil
Size

792KB
Sample

230103-wdzv1afd9x
MD5

6bb935aa9cf2f6747742fc1f7a539b08
SHA1

49dc68bc04baf9a30906cae017df53aad9635f87
SHA256

e6df798cbf2e7300cdfae4fe81f08cd56d16aff907ff7e64af41165675f0660c
SHA512

2b092657d8c4c54969718cc92b529e040c97bb0a8ca12c2e7f5eb15b9a7535f7ad72d981b83596b2125fca9287fbdf3ba9487e981b911dea496b94a34e0d33a6
SSDEEP

24576:Oj0JJ4p/A4npt3XojeQG5EtzRtO7GvmDgucf:OjoJ4u4zojegylDI

Score

10^/10

ammyyadmin flawedammyy bootkit persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6BB935AA9CF2F6747742FC1F7A539B08.exe

Resource

win7-20220812-en

flawedammyy bootkit persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6BB935AA9CF2F6747742FC1F7A539B08.exe

Resource

win10v2004-20221111-en

flawedammyy bootkit persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6BB935AA9CF2F6747742FC1F7A539B08.fil
- Size
  
  792KB
- MD5
  
  6bb935aa9cf2f6747742fc1f7a539b08
- SHA1
  
  49dc68bc04baf9a30906cae017df53aad9635f87
- SHA256
  
  e6df798cbf2e7300cdfae4fe81f08cd56d16aff907ff7e64af41165675f0660c
- SHA512
  
  2b092657d8c4c54969718cc92b529e040c97bb0a8ca12c2e7f5eb15b9a7535f7ad72d981b83596b2125fca9287fbdf3ba9487e981b911dea496b94a34e0d33a6
- SSDEEP
  
  24576:Oj0JJ4p/A4npt3XojeQG5EtzRtO7GvmDgucf:OjoJ4u4zojegylDI
Score

10^/10

flawedammyy bootkit persistence trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyybootkitpersistencetrojan

behavioral2

flawedammyybootkitpersistencetrojan

© 2018-2025

Terms | Privacy