General
-
Target
AMMYY_Admin.exe
-
Size
651KB
-
Sample
230923-gxfh5sfc34
-
MD5
b730e7b8f3eebd51dc21d7997313b890
-
SHA1
57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa
-
SHA256
e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a
-
SHA512
05e87e0ac0e6c097cec3e3801c66752f1a69bd3f8b732062b16596fd4e46388e66eb2e4455ede69769dad62cb7a063849cc2199c140c6ba6a498173eaafe051d
-
SSDEEP
12288:caA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6mi/gQ:AkK+waI8JRQMEJ2rufRtse9rtv8zlBi3
Behavioral task
behavioral1
Sample
AMMYY_Admin.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
AMMYY_Admin.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
AMMYY_Admin.exe
-
Score
10/10
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-