ammyyadmin | d8b31596ab62c0d031fb6565c893a401556fe00287c936c3400221e31c171cbe | Triage

Sharing

General

Target

924314d642591e2c6fcfee28a0d69ec1621643c13a5ab1c5cbef973b8b57fb54.exe.zip
Size

382KB
Sample

231201-sptlkscc97
MD5

f8fe5699d46057cd7be49ef9b5b26aa9
SHA1

f92b266a070c976e7b8199ab790e800fe4b12aa6
SHA256

d8b31596ab62c0d031fb6565c893a401556fe00287c936c3400221e31c171cbe
SHA512

c97699eabc14b0071ad57f3101f35125bff1351a1feee97fa79a0febd38d545703079c446540c5cc0e0ed5657e6f687fa798420842b85095f43e552c8687fdcb
SSDEEP

6144:ypW9UQqngqHPM1fDjp10HLqvvUgeOOTfa1GUyFdQyBwcRTZZNatbOdK23btnBzRG:Hp4Gf3kHSn7AUydQyesZZNal0J3btnRo

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  924314d642591e2c6fcfee28a0d69ec1621643c13a5ab1c5cbef973b8b57fb54.exe
- Size
  
  713KB
- MD5
  
  c59be0a84718d97a82cfa59860bdab3a
- SHA1
  
  2a0df9bf173e167f90331d4ba4b05720ba6d37e4
- SHA256
  
  924314d642591e2c6fcfee28a0d69ec1621643c13a5ab1c5cbef973b8b57fb54
- SHA512
  
  245e9b6d513ca17ba8561e40b3c3a5cccc5b2256358fbf30383a72050f0c817d2272284a92a8b22f75908f86474f6367beb16ebc143c9b96ad64d7e5bff3862b
- SSDEEP
  
  12288:dVr29UGEg6VUM5oAL1jq3E2jj0NOjAqHKtCessZWjya7VM1en9Nm1RtNeCVao2Vp:vUbj4qwCessA41Rt0CVMVZtxP
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2