Resubmissions

23-09-2023 06:27

230923-g72t5add4z 10

23-09-2023 06:10

230923-gxfh5sfc34 10

General

  • Target

    AMMYY_Admin.exe

  • Size

    651KB

  • Sample

    230923-gxfh5sfc34

  • MD5

    b730e7b8f3eebd51dc21d7997313b890

  • SHA1

    57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa

  • SHA256

    e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a

  • SHA512

    05e87e0ac0e6c097cec3e3801c66752f1a69bd3f8b732062b16596fd4e46388e66eb2e4455ede69769dad62cb7a063849cc2199c140c6ba6a498173eaafe051d

  • SSDEEP

    12288:caA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6mi/gQ:AkK+waI8JRQMEJ2rufRtse9rtv8zlBi3

Malware Config

Targets

    • Target

      AMMYY_Admin.exe

    • Size

      651KB

    • MD5

      b730e7b8f3eebd51dc21d7997313b890

    • SHA1

      57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa

    • SHA256

      e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a

    • SHA512

      05e87e0ac0e6c097cec3e3801c66752f1a69bd3f8b732062b16596fd4e46388e66eb2e4455ede69769dad62cb7a063849cc2199c140c6ba6a498173eaafe051d

    • SSDEEP

      12288:caA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6mi/gQ:AkK+waI8JRQMEJ2rufRtse9rtv8zlBi3

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks