ammyyadmin | 03201982c09f0b8d7e4fb849a882277521e55b6b52e1562c6d19252b9635e09b | Triage

Sharing

General

Target

cb08d5622b147d7c13ddea2da4462af62030a473e48188f1e0bfd5d7480fbfad.exe.zip
Size

435KB
Sample

231031-rl8qnaaa3y
MD5

2eed4cc78679ea6ac0b0249051b7a671
SHA1

be8443be773c78bec88ae2d3ace5d4e765c8e9e1
SHA256

03201982c09f0b8d7e4fb849a882277521e55b6b52e1562c6d19252b9635e09b
SHA512

24301149edbff0476d44f112613822b910e7e6009deb9896d3b14f355c73df2fcee83aeaa017b81cfddf79e4d54e99905ad8885c40cec33b72956ccc721696ef
SSDEEP

12288:sm4uvBYzSWcvZOfmQXx30bcsvFCBKU1/tGOCjc8D:shupYmWcvZOOQ1KcSFcKUdtGtc8D

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  cb08d5622b147d7c13ddea2da4462af62030a473e48188f1e0bfd5d7480fbfad.exe
- Size
  
  32.7MB
- MD5
  
  3c62d59ddaf151bd4080821d415a08ef
- SHA1
  
  70129d7eb37c361aa1f6077fda3b76b6b3bb7f62
- SHA256
  
  cb08d5622b147d7c13ddea2da4462af62030a473e48188f1e0bfd5d7480fbfad
- SHA512
  
  fee1784e9ce231cd8b13c2caf19c08984934e7f2d236fd5f697d52dcbbddd251f0d87315ade07277fa294c62ced8ae6173c62b557c7dab79603f451970f09938
- SSDEEP
  
  12288:Gii1SQxjP6j34G+t2aPHXuTy4RtfUwFDZAQmsNs8wsP6g:O1S6z6j34G+t2afXh4RtxFD/mAsV4
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan