ammyyadmin | 8392bb9829d425f7c8c21155527f8a6b06ae2b2652fb31fd49f5de998c7e2afc | Triage

Submit
Reports

Overview

overview

Static

static

Device/Har...op.exe

windows7-x64

Device/Har...op.exe

windows10-2004-x64

Sharing

General

Target

AA_v3.5 (2015_07_07 09_09_55 UTC).exe
Size

391KB
Sample

230709-jgn7fsbb97
MD5

59bc5bc2e2982c835b1caa2f318afc2f
SHA1

4223add1a7328d30262212eb8ddb8b48bb5b3fd7
SHA256

8392bb9829d425f7c8c21155527f8a6b06ae2b2652fb31fd49f5de998c7e2afc
SHA512

e728fb52b349eb8f9631ce82055f0a58afdadbb517e4e4bc27542592f0cb495bd4dbdb1a812143ce63f7b8c41bb2bd010bbf48aba7dda84d3829c548146bb8b5
SSDEEP

12288:6Ry8QRRxXskUv0ppP/y/DEpeJpGjDXpiFsbsmOj:G9040fX1igA

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume8/UB_AHO_AG/krbiju/[email protected]/LTP-484/Data/C/Users/KRBiju/Desktop.exe

Resource

win7-20230703-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume8/UB_AHO_AG/krbiju/[email protected]/LTP-484/Data/C/Users/KRBiju/Desktop.exe

Resource

win10v2004-20230703-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume8/UB_AHO_AG/krbiju/[email protected]/LTP-484/Data/C/Users/KRBiju/Desktop/AA_v3.5 (2015_07_07 09_09_55 UTC).exe
- Size
  
  746KB
- MD5
  
  f8cd52b70a11a1fb3f29c6f89ff971ec
- SHA1
  
  6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
- SHA256
  
  6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
- SHA512
  
  987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe
- SSDEEP
  
  12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy