ammyyadmin | a49aabe032039ef2896901d91d75c4de5e23a08af8570c92bab70c3a520cd136 | Triage

Sharing

General

Target

4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe.zip
Size

404KB
Sample

231201-skk4msbe7t
MD5

b8e1ab7e8fdddb71215c5c24664cab91
SHA1

80f8f564ad8e0fac788ab4025385f7a28f1fef09
SHA256

a49aabe032039ef2896901d91d75c4de5e23a08af8570c92bab70c3a520cd136
SHA512

200c19f860128d802c56a42c8fef8bae47c43eaa247a64c970637871153dd558d1ccfbb9cbd3eb63b29137e7ec1496840d547fd97d888345e489319c7ceefd81
SSDEEP

6144:JOYf+FxwARcvQyIDf+UKrHzfDsC9N6H07qiRC+qbcSgx8FiPzUAn3ya8pnGn60/K:JYxwAR2QyIDirTfDs0tOpOSvUn3Js8K

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe
- Size
  
  751KB
- MD5
  
  4d853025b8cd8c725bf78e3df6cce967
- SHA1
  
  c6bff7857fdf33cbd8f052ef5d669675e5cf06f8
- SHA256
  
  4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8
- SHA512
  
  977e43eaa763cc66114e00a615818c66a84a5a47bac1cdf21eff9f8f1dcebf138d8ede823265a2f30807d648c57bf036818254964358691d3f9a013f930705cf
- SSDEEP
  
  12288:Tc0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd1gF:Tc/UtwOrZgUHv54Rt6+YNkQsNmF
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan