General
-
Target
7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404.exe.zip
-
Size
402KB
-
Sample
231201-se6s6aah65
-
MD5
0fdad5b2013d23384545780515b74729
-
SHA1
03c3368835386020031876af67c40ce11ad2072f
-
SHA256
2295b2dd1806bd36a6e392cd7147368c817cf2a03d04ffa2d0577d18fd465204
-
SHA512
3f534f3167bf35a90d194727189e1f04e57cd556ba4da1ba10f89f525571a74582962096f48decdbac54a2c4e1e40d62bcb7edb583dfd7c16273b447b7f3cc02
-
SSDEEP
12288:fQF1Zb25hbO7ovkDlIWMrBBAXg/FaP6ySQHcJY:ejC5hbOcvkDlIbBAQ/FM6Gf
Behavioral task
behavioral1
Sample
7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404.exe
-
Size
750KB
-
MD5
26c5005b85c01d3d38213a1f91e4f37f
-
SHA1
8612bbad1bdb8e8ee4d2d09d49794e5e90eb74e1
-
SHA256
7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404
-
SHA512
e18284fdd4701225d23236e723e5cc7d03aa8642852a76907441ff63a00d8141b4ef999f0fba2ca2d4caae1e865c98b803e3efcb36139b3667fe4a5149c2f83a
-
SSDEEP
12288:4eZpoosVoyMZ19L4t1/TdEv4Rt1AD6x64+6dsavVUWgJ:4etSwZ190t1/Tm4Rts6wlAshTJ
Score
10/10
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-