ammyyadmin | a8aac2ccbe416c9776fbac687a2d210376582c7e58b306d3a0fdb25573119d7d | Triage

Submit
Reports

Overview

overview

Static

static

Device/Har....5.exe

windows7-x64

Device/Har....5.exe

windows10-2004-x64

Sharing

General

Target

AA_v3.5.exe
Size

390KB
Sample

230323-mcvp8afa22
MD5

510c4cb5b70fd927c499d8ff64fdf2f0
SHA1

2358589304942673f111dc70a038d8be60669946
SHA256

a8aac2ccbe416c9776fbac687a2d210376582c7e58b306d3a0fdb25573119d7d
SHA512

2cec0634dc187983940dd0ad10a13c66e291ed4cb55c0b3101817cdf5f21aa1814961d4626d1afb56ccfa2f1d6e66f96ab46cef578e1d2b351aa15910d23579c
SSDEEP

12288:3Ry8QRRxXskUv0ppP/y/DEpeJpGjDXpiFsbsmOa:B9040fX1igv

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume3/Aammyy Admin/AA_v3.5.exe

Resource

win7-20230220-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume3/Aammyy Admin/AA_v3.5.exe

Resource

win10v2004-20230220-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume3/Aammyy Admin/AA_v3.5.exe
- Size
  
  746KB
- MD5
  
  f8cd52b70a11a1fb3f29c6f89ff971ec
- SHA1
  
  6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
- SHA256
  
  6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
- SHA512
  
  987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe
- SSDEEP
  
  12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy