ammyyadmin | b34545c6faf06eab1ca4db9d5378a0ca775d4d45e5b2fb6ee88e07180d240c70 | Triage

Sharing

General

Target

e06e64a7cc93a7372554f4fa74c3b54c
Size

354KB
Sample

231222-s8amtadfc2
MD5

e06e64a7cc93a7372554f4fa74c3b54c
SHA1

22bf76f4cbb5092e5df8f5530177923c619cd420
SHA256

b34545c6faf06eab1ca4db9d5378a0ca775d4d45e5b2fb6ee88e07180d240c70
SHA512

6e8b849b8566f29a2079042e9154600f68b8067b8bfb48083ca7f9e3934938d6960749cc11080a9b213c8c7f7e12c74013f2633f411beed5c7357109665b247e
SSDEEP

6144:jRxgR/T50Gn5Oi64+1yKnu1n+ZXy6JOGxHf9q9g/zPscShcSA8ZbybaFZcTAHLyF:j09CiON4Sin+Zykvh8ywhb3Z/Kld

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  AmmyyAdmin_v3.exe
- Size
  
  701KB
- MD5
  
  61e9063d98bd8ceb0eb78332996e1fe5
- SHA1
  
  95c0575928ed459928d70ab4d82199a092cf7d90
- SHA256
  
  5cf1cc749208121e38b2984edca4583997ba72e8225ef94512debf9794c9192a
- SHA512
  
  238d302f03b83906184b5d1cd6afaa8b2429f8d16a18ac759fe65eb0aa86de29a8b59f5fea53fa61803519837c6715b8d283877f27a1e34a4c4a2d8425e3c8cd
- SSDEEP
  
  12288:lA4uNgU63ohsfC0acs34Br2z1Rt9adJ75+z8BNzbgc:bFUCMs9a5II1RtwdJt28BNAc
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan