General
-
Target
AA_v3.5.exe
-
Size
751KB
-
Sample
230719-npd4nsee8t
-
MD5
5686a7032e37087f0fd082a04f727aad
-
SHA1
341fee5256dcc259a3a566ca8f0260eb1e60d730
-
SHA256
43bba98a64dd96cf0571f3d6dceafdc549cc3767a1beab6fe4a6e1fd3ddd3153
-
SHA512
0ebd95b20ef54d047fdaec37cfb10e2c39ea9d63fa28d6a6848ec11b34a4c4ec5f7a8a430d81670461203b9e675ac4a32cac3da4a1c471f16e8d003c6dea3345
-
SSDEEP
12288:oPO1fNZApVuCN7e/yalnM4RtjLDXcbOAS3snvVgbgJ:om1fN6pkCNa/yaq4RtjXcu3sSEJ
Behavioral task
behavioral1
Sample
AA_v3.5.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
AA_v3.5.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
AA_v3.5.exe
-
Size
751KB
-
MD5
5686a7032e37087f0fd082a04f727aad
-
SHA1
341fee5256dcc259a3a566ca8f0260eb1e60d730
-
SHA256
43bba98a64dd96cf0571f3d6dceafdc549cc3767a1beab6fe4a6e1fd3ddd3153
-
SHA512
0ebd95b20ef54d047fdaec37cfb10e2c39ea9d63fa28d6a6848ec11b34a4c4ec5f7a8a430d81670461203b9e675ac4a32cac3da4a1c471f16e8d003c6dea3345
-
SSDEEP
12288:oPO1fNZApVuCN7e/yalnM4RtjLDXcbOAS3snvVgbgJ:om1fN6pkCNa/yaq4RtjXcu3sSEJ
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-