ammyyadmin | 80b2f128706ba5f1d1a16b12aafb7c2bf84506934ecaee9f9e5166981eeb5924 | Triage

Submit
Reports

Overview

overview

Static

static

Device/Har....5.exe

windows7-x64

Device/Har....5.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

AA_v3.5.exe
Size

391KB
Sample

230517-fnh28scg8s
MD5

df322beea1b3c93e51beb4c78d82f0bc
SHA1

ba067dfc6a76f7fc488ae2fdd57b072a4da3c981
SHA256

80b2f128706ba5f1d1a16b12aafb7c2bf84506934ecaee9f9e5166981eeb5924
SHA512

51ed359fb4aa770118d32801c252e82510f6152fe9a6f7b6998504205acca105468ffd72aa76757032637e5268de0295aa8be3250682db5102d2d22de66347e3
SSDEEP

6144:Fmv9cQ97ofFRIS6XEiSfFt4jOZUdygf4QlVXZcKrZPK5JWjbOQv1KKCBJxR5:FCVoFRx6XofjQy04QDXqK+sOs0KCBLr

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume4/Users/maiabdelazim/Desktop/AA_v3.5.exe

Resource

win7-20230220-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume4/Users/maiabdelazim/Desktop/AA_v3.5.exe

Resource

win10v2004-20230220-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume4/Users/maiabdelazim/Desktop/AA_v3.5.exe
- Size
  
  746KB
- MD5
  
  2cbf5657ffd8858a9597f296a60270c2
- SHA1
  
  b130611c92788337c4f6bb9e9454ff06eb409166
- SHA256
  
  9b3f4d6a9bae4d7f9cfe45e706db8fe4baef51ae12353941e8b1532b231e6eac
- SHA512
  
  06339a299c8c9ce55e9b96582e54e0bf9e04f894ceb47c07486adf8b0140c2a01fd0932207aca8112ee0b16ba8711fee9435e37339aafb94f167b5a736ee7d0b
- SSDEEP
  
  12288:6NgEvTkYGzXUMA7PTgM0YOg26y4RtcxcUwhqb3omaY80NP6gL:6XTszE7PTgM0YOgA4RtcbwhsSYFVL
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2025

Terms | Privacy