ammyyadmin | 4731517b198414342891553881913565819509086b8154214462788c740b34c9 | Triage

Submit
Reports

Overview

overview

Static

static

GWPEx64_10...7z.exe

windows7-x64

GWPEx64_10...7z.exe

windows10-2004-x64

Sharing

General

Target

GWPEx64_10_07_2018.7z.exe
Size

726KB
Sample

230718-x7tfradd28
MD5

190785b2bb664324334c1b5231b5c4b0
SHA1

07539abb2623fe24b9a05e240f675fa2d15268cb
SHA256

4731517b198414342891553881913565819509086b8154214462788c740b34c9
SHA512

ab40f182fb52e5281f0761cf064a7f4b82ea04a2c9c00fe6faa4e61f8e632b8c7a64820e226b2ab668c99ada195c1ca117b702474bd023d84991a16dd10ba85c
SSDEEP

12288:8YdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzagH:HdNikfu2hBfK8ilRty5olGJsxNH

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

GWPEx64_10_07_2018.7z.exe

Resource

win7-20230712-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

GWPEx64_10_07_2018.7z.exe

Resource

win10v2004-20230703-en

flawedammyy trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  GWPEx64_10_07_2018.7z.exe
- Size
  
  726KB
- MD5
  
  190785b2bb664324334c1b5231b5c4b0
- SHA1
  
  07539abb2623fe24b9a05e240f675fa2d15268cb
- SHA256
  
  4731517b198414342891553881913565819509086b8154214462788c740b34c9
- SHA512
  
  ab40f182fb52e5281f0761cf064a7f4b82ea04a2c9c00fe6faa4e61f8e632b8c7a64820e226b2ab668c99ada195c1ca117b702474bd023d84991a16dd10ba85c
- SSDEEP
  
  12288:8YdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzagH:HdNikfu2hBfK8ilRty5olGJsxNH
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy