General

  • Target

    ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a.exe.zip

  • Size

    434KB

  • Sample

    231201-sk5s2sbf3z

  • MD5

    2c520291a9f3a99a11d660f23d26f132

  • SHA1

    40f7e635f48001b799b1ea61de6bbd0bd7c0f34e

  • SHA256

    4a49d8f530e16241fde09fe9a2d7ecbe57a531de3d97f879433af031ab498694

  • SHA512

    dfec4ae081fca2094879a0363407c4378bc85c5c318f49e0a97eaa534b76c82b18df9312795062fa94afb1869a6442acc942974a784cb84989ce923c39b34aa4

  • SSDEEP

    12288:PBIGemlQQW7YyKh5drwGwimKYAWA3akeIiNfBQn1cs:PBIGIQlyO5xUipKTIe2Os

Malware Config

Targets

    • Target

      ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a.exe

    • Size

      798KB

    • MD5

      90aadf2247149996ae443e2c82af3730

    • SHA1

      050b7eba825412b24e3f02d76d7da5ae97e10502

    • SHA256

      ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a

    • SHA512

      eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be

    • SSDEEP

      24576:Uj0JJ4p/A4npt3XojeQG5EtzRtO7GvmDguXd:UjoJ4u4zojegylDN

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks