ammyyadmin | 7b800d430002dc67514cf719db65691e95e1a42ab82efb4633ea2be93a0c3cc7 | Triage

Sharing

General

Target

4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe.zip
Size

391KB
Sample

231201-sg2l8abb83
MD5

aa15e8cf3bc32696d8bb0fd0733b4788
SHA1

4cc39348203935fc6d27eda5841ef7d82d33adc1
SHA256

7b800d430002dc67514cf719db65691e95e1a42ab82efb4633ea2be93a0c3cc7
SHA512

2302c1a8f06562b83f29b34dda54c71f65b31dccd187a7bbf8ef814b04deb2c4f6297d7ea350ad92da98dc2e58f6bb9fdef28239e7625fee428a7c89a3869ad3
SSDEEP

6144:mc9z1K1wFdTjmJh54oXLy/VzdirdQPXZvmyMUzPeeukYDPHwlY8EvmZ10vnaTo7+:mOK1wFdCwVzd0doFmmPXNw610vMO8f

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  4731517b198414342891553881913565819509086b8154214462788c740b34c9.exe
- Size
  
  726KB
- MD5
  
  190785b2bb664324334c1b5231b5c4b0
- SHA1
  
  07539abb2623fe24b9a05e240f675fa2d15268cb
- SHA256
  
  4731517b198414342891553881913565819509086b8154214462788c740b34c9
- SHA512
  
  ab40f182fb52e5281f0761cf064a7f4b82ea04a2c9c00fe6faa4e61f8e632b8c7a64820e226b2ab668c99ada195c1ca117b702474bd023d84991a16dd10ba85c
- SSDEEP
  
  12288:8YdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzagH:HdNikfu2hBfK8ilRty5olGJsxNH
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan