General
-
Target
AA_v3.5.exe
-
Size
755KB
-
Sample
230720-t3hlxaab6s
-
MD5
11bc606269a161555431bacf37f7c1e4
-
SHA1
63c52b0ac68ab7464e2cd777442a5807db9b5383
-
SHA256
1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
-
SHA512
0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f
-
SSDEEP
12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z
Behavioral task
behavioral1
Sample
AA_v3.5.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
AA_v3.5.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
AA_v3.5.exe
-
Size
755KB
-
MD5
11bc606269a161555431bacf37f7c1e4
-
SHA1
63c52b0ac68ab7464e2cd777442a5807db9b5383
-
SHA256
1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
-
SHA512
0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f
-
SSDEEP
12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-