ammyyadmin | 3727d712e619a7c1de57a4987614cc11f08cdcf9ddb6d798a52b30b7f3ddfdf4 | Triage

Submit
Reports

Overview

overview

Static

static

f9cc4a11a1...c3.exe

windows7-x64

f9cc4a11a1...c3.exe

windows10-2004-x64

Sharing

General

Target

f9cc4a11a11e7c2aae54d608186614ed82155132f1a11f340e4179b7313f2bc3.exe.zip
Size

384KB
Sample

231031-rdmhfshc8y
MD5

a1496cad185aaad6d7c9c1e173554d29
SHA1

c71af3ce580da499bc544cb7f4d85a14d17ba201
SHA256

3727d712e619a7c1de57a4987614cc11f08cdcf9ddb6d798a52b30b7f3ddfdf4
SHA512

d34a4b1bb59e061dfe427b0900f99680c3a0c2fe783342fd3742832e49687f0ec34103eef15e3e1373aa76b51bd997a4967c128ff7b1809eb0e21ec30b7641ae
SSDEEP

6144:Ao92Kto9OChFbn5sftZCoVLOFqrop5S4vaC2bNm6Fn9vegh4ufU13dHJx9KDpQuz:Ao92WiZvqa0jov9j2xTj4ufQdHJxIQuz

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f9cc4a11a11e7c2aae54d608186614ed82155132f1a11f340e4179b7313f2bc3.exe

Resource

win7-20231020-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9cc4a11a11e7c2aae54d608186614ed82155132f1a11f340e4179b7313f2bc3.exe

Resource

win10v2004-20231023-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  f9cc4a11a11e7c2aae54d608186614ed82155132f1a11f340e4179b7313f2bc3.exe
- Size
  
  720KB
- MD5
  
  3d545a30c97699a5b44fd85b40d05016
- SHA1
  
  93432f2a5b5352cc94d3c4f196f60245f7efda6d
- SHA256
  
  f9cc4a11a11e7c2aae54d608186614ed82155132f1a11f340e4179b7313f2bc3
- SHA512
  
  453fe53dd79d7bc478cad9c74e9f86c30f522faa0b28b27ad0782afda2193e465a5d0d326f9aad235c106065d44a4c9d1a43bc24414fce5ebb1e104c0df1c317
- SSDEEP
  
  12288:qzJUxbtiiTHRJuEkQO7EwC2ZwFRtAdRXRryd+sq1zngB:q9oNTHRz/O7rT6FRteRXR2IsqqB
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy