General

  • Target

    7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404.exe.zip

  • Size

    402KB

  • Sample

    231201-se6s6aah65

  • MD5

    0fdad5b2013d23384545780515b74729

  • SHA1

    03c3368835386020031876af67c40ce11ad2072f

  • SHA256

    2295b2dd1806bd36a6e392cd7147368c817cf2a03d04ffa2d0577d18fd465204

  • SHA512

    3f534f3167bf35a90d194727189e1f04e57cd556ba4da1ba10f89f525571a74582962096f48decdbac54a2c4e1e40d62bcb7edb583dfd7c16273b447b7f3cc02

  • SSDEEP

    12288:fQF1Zb25hbO7ovkDlIWMrBBAXg/FaP6ySQHcJY:ejC5hbOcvkDlIbBAQ/FM6Gf

Malware Config

Targets

    • Target

      7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404.exe

    • Size

      750KB

    • MD5

      26c5005b85c01d3d38213a1f91e4f37f

    • SHA1

      8612bbad1bdb8e8ee4d2d09d49794e5e90eb74e1

    • SHA256

      7d437454328721b53ff409836ea78ab37473ebca53bbcaf8268b8274bc6f9404

    • SHA512

      e18284fdd4701225d23236e723e5cc7d03aa8642852a76907441ff63a00d8141b4ef999f0fba2ca2d4caae1e865c98b803e3efcb36139b3667fe4a5149c2f83a

    • SSDEEP

      12288:4eZpoosVoyMZ19L4t1/TdEv4Rt1AD6x64+6dsavVUWgJ:4etSwZ190t1/Tm4Rts6wlAshTJ

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks