ammyyadmin | 6ada743ecb0767e2d93b199230888409b87999e8867e24ad7a9d616b07a2ed69 | Triage

Sharing

General

Target

6f15160778efbf7ea7ae3d232d90cc8a1773841745e4bf370df3860570bb49f9.exe.zip
Size

413KB
Sample

231031-rg3nvahf31
MD5

6a41d16e006c8404c5ebae3e947861b6
SHA1

9cc2fc35d6c6bb4ecacb2d439950fc50e8434514
SHA256

6ada743ecb0767e2d93b199230888409b87999e8867e24ad7a9d616b07a2ed69
SHA512

7f5e3d35be487893bc8db88f4570439329713c43dc5a5eea18c6cc4970ce32fb3ddf0430f7349cca1cf0776a13a15dbf5a121fab8914895d45c7bfd2ccee895b
SSDEEP

12288:1cmoU4xD1jiMkXuWVdPaWCEMjt8aan0Nxy6LiZ7:1cHD1jBeuspCEgt8ac0jy6eN

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  6f15160778efbf7ea7ae3d232d90cc8a1773841745e4bf370df3860570bb49f9.exe
- Size
  
  770KB
- MD5
  
  4b27ce8ba1995308e26f1c2cc7effc94
- SHA1
  
  e0fef9d68b3b09971bf1462fd0541f16647bceef
- SHA256
  
  6f15160778efbf7ea7ae3d232d90cc8a1773841745e4bf370df3860570bb49f9
- SHA512
  
  55df4dcee0a1a7555faf66efbd51bbd3652a3d302e4f3ae9961a4fdb443f0940a77f94445608a339e47e05eecc7e10ec53e61048716f451c27ec79d0a7b1e569
- SSDEEP
  
  24576:H3YRddOnSok4fx2j2z5kMNbsRtrxc130jVP:IRenlHx2j2zxlkpjV
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan