Overview

overview

10

Static

static

10

Device/Har...h..exe

windows7-x64

10

Device/Har...h..exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AA_v3.5 (2015_07_11 06_04_37 UTC).exe

  • Size

    391KB

  • Sample

    230709-c2gjsaae96

  • MD5

    2fd7b1a017e210a0e6124a60bd342209

  • SHA1

    53fdb7a77b2269477333bb7ebd2e34e5939afa27

  • SHA256

    0088822bc921738b4ead93e4cdfe4f5d81fdfe9d32a70a27cd26cdc986575468

  • SHA512

    1387be1e65fc46ed84e251d7c916d907beb79baf2b9ad4989bb7a053e2e708d57ec768c11e3720c9113d1b2bd1bca97a52aff32536beba037afd787db29bdde8

  • SSDEEP

    6144:xmlpZqvlAotdoY7FmEyC/99UMP5LkvSCoQShWYrYcNQ+2E6i+47pC4nAtOy:8Vqvfd9OC/9j5LkvSC3Sh0iQ+N/7dAUy

Score
10/10
ammyyadminflawedammyytrojan

Malware Config

Targets

    • Target

      Device/HarddiskVolume5/MyOld/File_History/[email protected]/LTP-310/Data/C/Users/Santhosh.VIRTUSHOLDING/Desktop/AA_v3.5 (2015_07_11 06_04_37 UTC).exe

    • Size

      746KB

    • MD5

      f8cd52b70a11a1fb3f29c6f89ff971ec

    • SHA1

      6a0c46818a6a10c2c5a98a0cce65fbaf95caa344

    • SHA256

      6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20

    • SHA512

      987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe

    • SSDEEP

      12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX

    Score
    10/10
    flawedammyytrojan

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks