ammyyadmin | c1bfd7bae65c6f46a8d512dd23a522d495e9a58a91d43bd1b43251e935a5acd3

Sharing

Copy URL

Twitter E-mail

General

Target

Panel.zip
Size

16.6MB
Sample

231011-nkkewsbg9y
MD5

d222e3125398296227d2c9c2dbaaafe7
SHA1

6d213201350b6241ff7f8cba9a0777fe905c1343
SHA256

c1bfd7bae65c6f46a8d512dd23a522d495e9a58a91d43bd1b43251e935a5acd3
SHA512

e40d98f15198bd60dc54abece897f84c61c493008a74218337668dc2bcbbd4185a9ce73eccd4e7224f21f863db7d340b5c884514b6401471cd83bd0ed58f1ec3
SSDEEP

393216:4weRpAsRdRWjY8J98vYOrSrur2LoK7xhiI+22irORI0:4wED0Nb8vYRDH2+2fR1

Score

10^/10

Malware Config

Targets

- Target
  
  Panel/Panel/builder/AA_v3.6.exe
- Size
  
  762KB
- MD5
  
  e9b569f7cbf23d91df065c18f4c43840
- SHA1
  
  5d7cb1a2ca7db04edf23dd3ed41125c8c867b0ad
- SHA256
  
  d67c7ef1c8e2cd56e266902bef814ac328d64bbe06086f4ee24fbadbebf39605
- SHA512
  
  a9f01663b0c0ce9d30bd6760847bf3c18318801634145ec75e047019a8e8a9b13ea8122449b8f45ad40b63d4551cb85230df1b41a41ddc33a39cfcf2ec237ccb
- SSDEEP
  
  12288:kX5PFc+E0SlpOvcC1KL/q/IZVURtCdshX5x8jR31QEY0VEoge:2P++ZSlpOUC1KT4+URtYshX5aRlQEYte
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Panel/Panel/builder/AmmyyPanel/AmmyyPanel.exe
- Size
  
  12.5MB
- MD5
  
  632c7f45961e6030c8dc658110605451
- SHA1
  
  fd0f33e728f6f03e7ddbf7f657de9422100bdecb
- SHA256
  
  892814bd5db45c478473659adb6c93a3dd26038a49ab298102a92470f9e5684f
- SHA512
  
  0fc033f7eabc0bfb05d664a3a8f4d3112f3d66d24d8851d25dcd3f7ca952dcd5d0b983375d1b7cdfe5f48462ef87a1a81957c9a98b1f1375c23779466032f2dd
- SSDEEP
  
  196608:CVVKesQhxw/keMA7HGF3K9adhez7UPNx1EAN34VvSbA3SFLOyomFHKnPc7HGwFLm:MoQh2cTFzF
Score

1^/10
behavioral3 behavioral4
- Target
  
  Panel/Panel/builder/builder.html
- Size
  
  3KB
- MD5
  
  e34ee1e6e0399d6b688f1081f9dbe0a6
- SHA1
  
  4f85c914ea42b1d3a62654aae0c10e723ee01a2d
- SHA256
  
  a506e47344d16355550dfac713fa7548edc2665932e1c31d5d05276f93acc3c6
- SHA512
  
  26fef23010d5abc51252c77058b5463523172f2cd6755c9b794c6844d9084ba4f561289861281ac0b9d3a9b895f7c4208de733020a23f27268166a553567e2fc
Score

1^/10
behavioral5 behavioral6
- Target
  
  Panel/Panel/builder/upload.php
- Size
  
  2KB
- MD5
  
  e2deddb8a45ce596310936c38ea7854b
- SHA1
  
  397d426aaab00cc0b965363ef241568c5b4a2f31
- SHA256
  
  907cf46a4c7cfff82e3cb992b17a76a52a7c587121b1092d7e79b5a26f2c83da
- SHA512
  
  f822cce50dfbaabdd96b2e45063407795b02a92cec4bf990ddcac7a416e0483eb538359b924490fdf90c651d98214f027a0a9dc28f7a84270c2013416ad802d3
Score

1^/10
behavioral7 behavioral8
- Target
  
  Panel/Panel/keywords.html
- Size
  
  3KB
- MD5
  
  813aa77de37da56805679e132a36cfcf
- SHA1
  
  712d65746fa6db3e8357bc81042d8001ed5eae54
- SHA256
  
  9dbba886be64db65fc82c87f697d20bd028b75a23a37d2aaec346753de1224ad
- SHA512
  
  9422adf51d59704bb4e55e1e64033e4b0ee1b203a622ef98168886021fd7ae2fe5970216a531be92421df764a902dc7663ee40bd2c6dbdb06b242cd377954672
Score

1^/10
behavioral10 behavioral9
- Target
  
  Panel/Panel/keywords.js
- Size
  
  1KB
- MD5
  
  3eadb00ea2eb6d32b4dd17975f172e0f
- SHA1
  
  76b54a35de5360b14fa6e580205ae4686213e6ab
- SHA256
  
  9509fe87c1b50c5fc8bdfb653a30ee96480dbd12e80b3c9f31ccd329874d2f08
- SHA512
  
  a4219f0ccf2a5462a1299b7e02b20c96b6d3c58069f8520ecf0ec1122063994355a1ee594d1f557972b55946ec0a21927a994a5c2c65880a40841107363f1f76
Score

1^/10
behavioral11 behavioral12
- Target
  
  Panel/Panel/net.js
- Size
  
  1KB
- MD5
  
  c7482959d2a9171056b6dd6be26938cc
- SHA1
  
  7fb4118411ade4dc442aaedf86b442b0a522ffad
- SHA256
  
  ce2153a393317b1999dcf1eca81285fe1c9770980564cc579619e8532ba73dd3
- SHA512
  
  ca934c0ecdf175289c602dc55c220916b529209d139493da86b97a499be4753998180f1dc55ea62e5b64f61c45fbef7c2a7e4db1ac2ddcf4e0631b631923de3e
Score

1^/10
behavioral13 behavioral14
- Target
  
  Panel/Panel/panel.js
- Size
  
  10KB
- MD5
  
  14e62881fe70e61a5f5b1849c7247a8a
- SHA1
  
  0bc70fb11ae9aa8707a6c37d16629915f8727df9
- SHA256
  
  1f050345c17bfc2fe05c244fa56aebae908de9f7a4f60ed3124fb3dc829998f4
- SHA512
  
  fb96f66efc1001282ac0462ff067aa70c0b0580b8356225047c7347606a5a2a27dc4df3344ff35a2f1bbaeb65f01f0f69f421b071a6f82926d79a1b0ee3c5e28
- SSDEEP
  
  192:FwQe8iME1kG0igM5nqi6+aZd5zLRAQEiaPQzRFipiorSp+:FwQe8iMECLigM5nSdtLRAQCeTipiorr
Score

1^/10
behavioral15 behavioral16
- Target
  
  Panel/Panel/screen.html
- Size
  
  2KB
- MD5
  
  eeca343a7fa5c723c1ac9579cca5f295
- SHA1
  
  1d78ba6151fdeeca5873223af938dfcf8693061a
- SHA256
  
  ed46badafd2701e36ab4d4c52742700627c532e43b15054d8c79378f6af1c4cd
- SHA512
  
  b080b3b357d52076389f0e8c722711aa5ea8376cf9e1a0027452a6f61c490a74eaf97beaed7eef23c7f1fce3891dc19359383cb653de01933a4ce590cbdfb8ac
Score

1^/10
behavioral17 behavioral18
- Target
  
  Panel/Panel/screen.php
- Size
  
  4KB
- MD5
  
  43ccf7781248ac7afb529f85ae311894
- SHA1
  
  d4a1587583de4672bcb03589f497e717e24b12b3
- SHA256
  
  9d6b75bd25678f7cc11532740f506f9f0f5051e0aa6a07bedda55a962c8b501c
- SHA512
  
  7fffbf6772bafaa0eefcc4bf4a0d64b6374dbfdac17f1501082e6f0006e06ff42728a53058f887c8ad7f3ac9cdf1efcdee12fc30d2953593e76e39795247151a
- SSDEEP
  
  96:6FX4MU8F00lDrXkWeeixNvZKqiRYk5i/Oboit:6FX4MUypeeixNBBiRBboit
Score

1^/10
behavioral19 behavioral20
- Target
  
  Panel/css/bootstrap/btn.html
- Size
  
  1KB
- MD5
  
  c57b9b952d9567801aa7ddb16778fa92
- SHA1
  
  4f5d42b01e121e130a024c67cc373e9e3db9c0c3
- SHA256
  
  a7196ee566679d036a6212998620a95e2b8e8bf7a995668c8c411c4d89497beb
- SHA512
  
  7f03ff07364650b8f0f6fc861134597cbebf7150ece26c6738ab530a229ae8209345e421acd3ce68a01b1ac543e9f75886cd0d6541e22f73895dcf16adadc60b
Score

1^/10
behavioral21 behavioral22
- Target
  
  Panel/css/bootstrap/js/bootstrap.js
- Size
  
  59KB
- MD5
  
  f91d38466de6410297c6dcd8287abbca
- SHA1
  
  8c639912ccd43078865578e598607d1b847c2373
- SHA256
  
  7970f31907d91bf0f19efe8aefee74d6f0a2d8c72b2f8f20a5e297d3c414a78f
- SHA512
  
  9c3863a4032d98272ed3bf868a933516f92d93b70d85a20d1953c0cdf35ae6956fad3b65d644d98fb275eaa376fe5cea5e204f1c0384647ffa509159c7b315bd
- SSDEEP
  
  768:nh9JcekPPRB3TIF4pmIICjbxkfMJYi2yGsVwZ54R:UP5tNkYWuR
Score

1^/10
behavioral23 behavioral24
- Target
  
  Panel/css/bootstrap/js/bootstrap.min.js
- Size
  
  31KB
- MD5
  
  abda843684d022f3bc22bc83927fe05f
- SHA1
  
  26908395e7a9a4eab607d80aa50a81d65f3017cb
- SHA256
  
  24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f
- SHA512
  
  3f1b46e9ea0fb6be507605a2783af406c6b4f885dedaa4401bff204b0fe9056656717411021594e2512e98a4e398e3238267a7deafeba1b57e443decab0477ea
- SSDEEP
  
  768:xoBFw1wl+WRydWDRQgn8WI0fBQLrX84XCqc:SAr2MRCqc
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral25 behavioral26
- Target
  
  Panel/css/bootstrap/js/jquery-2.1.1.js
- Size
  
  241KB
- MD5
  
  7403060950f4a13be3b3dfde0490ee05
- SHA1
  
  8d55aabf2b76486cc311fdc553a3613cad46aa3f
- SHA256
  
  140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac
- SHA512
  
  ee8d83b5a07a12e0308ceca7f3abf84041d014d0572748ec967e64af79af6f123b6c2335cf5a68b5551cc28042b7828d010870ed54a69c80e9e843a1c4d233cf
- SSDEEP
  
  6144:GzWehmn1crCAhLc5cF4OfhqAZAhL/341i82Y9jI8foA9DK:G5t4OffZRN+8foA5K
Score

1^/10
behavioral27 behavioral28
- Target
  
  Panel/css/bootstrap/js/jquery-2.1.1.min.js
- Size
  
  82KB
- MD5
  
  e40ec2161fe7993196f23c8a07346306
- SHA1
  
  afb90752e0a90c24b7f724faca86c5f3d15d1178
- SHA256
  
  874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
- SHA512
  
  5f57cc757fff0e9990a72e78f6373f0a24bce2edf3c4559f0b6fef3cf65edf932c0f3eca5a35511ea11eabc0a412f1c7563282ec76f6fa005cc59504417159eb
- SSDEEP
  
  1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh
Score

1^/10
behavioral29 behavioral30
- Target
  
  Panel/css/bootstrap/js/npm.js
- Size
  
  484B
- MD5
  
  ccb7f3909e30b1eb8f65a24393c6e12b
- SHA1
  
  e2b7590d6ec1fdac66b01fdf66ae0879f53b1262
- SHA256
  
  c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d
- SHA512
  
  81bc329ad688d411fcf3decb28454238ec478c192b6ac19a3ee07e9939556cf15df91fc7e689802927bdef0362483fbf1659a7c92f877bdc625a56983967cf2c
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

FlawedAmmyy RAT

Checks computer location settings

Unexpected DNS network traffic destination

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32