Overview

overview

10

Static

static

10

Device/Har...h..exe

windows7-x64

10

Device/Har...h..exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AA_v3.5 (2015_07_11 06_04_37 UTC).exe

  • Size

    391KB

  • Sample

    230426-kq3xmsgc28

  • MD5

    0b83e41f1cf2e3e3970ff6cf0d6b7c50

  • SHA1

    f637a9a2b52656a92d4b42de076a04033d7d2101

  • SHA256

    bad522b505bc4e631548651793110704b082be27dbaa6ab583f83fe2e9f28dda

  • SHA512

    49e3e1801aa9b73261ba2f529fb91fa4088bb2cddb4a356591ec6e7ecb7b70cba480194fed10884743ffc3a35c51dbb404af3b45216f0be8b3b8596aafa6bcc1

  • SSDEEP

    6144:DNut4VbcuyxnBK9DzjFY6n3DUCdelF26SEHe8qQK5tXPvPqpKn4lRMsclGbirwnD:DNue+9BK926gG+1Hj05xqU4lRbbvJGI

Score
10/10
ammyyadminflawedammyytrojan

Malware Config

Targets

    • Target

      Device/HarddiskVolume5/MyOld/File_History/[email protected]/LTP-310/Data/C/Users/Santhosh.VIRTUSHOLDING/Desktop/AA_v3.5 (2015_07_11 06_04_37 UTC).exe

    • Size

      746KB

    • MD5

      f8cd52b70a11a1fb3f29c6f89ff971ec

    • SHA1

      6a0c46818a6a10c2c5a98a0cce65fbaf95caa344

    • SHA256

      6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20

    • SHA512

      987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe

    • SSDEEP

      12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX

    Score
    10/10
    flawedammyytrojan

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks