General
Target
e06e64a7cc93a7372554f4fa74c3b54c
Size
354KB
Sample
231222-s8amtadfc2
MD5
e06e64a7cc93a7372554f4fa74c3b54c
SHA1
22bf76f4cbb5092e5df8f5530177923c619cd420
SHA256
b34545c6faf06eab1ca4db9d5378a0ca775d4d45e5b2fb6ee88e07180d240c70
SHA512
6e8b849b8566f29a2079042e9154600f68b8067b8bfb48083ca7f9e3934938d6960749cc11080a9b213c8c7f7e12c74013f2633f411beed5c7357109665b247e
SSDEEP
6144:jRxgR/T50Gn5Oi64+1yKnu1n+ZXy6JOGxHf9q9g/zPscShcSA8ZbybaFZcTAHLyF:j09CiON4Sin+Zykvh8ywhb3Z/Kld
Behavioral task
behavioral1
Sample
AmmyyAdmin_v3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
AmmyyAdmin_v3.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
Target
AmmyyAdmin_v3.exe
Size
701KB
MD5
61e9063d98bd8ceb0eb78332996e1fe5
SHA1
95c0575928ed459928d70ab4d82199a092cf7d90
SHA256
5cf1cc749208121e38b2984edca4583997ba72e8225ef94512debf9794c9192a
SHA512
238d302f03b83906184b5d1cd6afaa8b2429f8d16a18ac759fe65eb0aa86de29a8b59f5fea53fa61803519837c6715b8d283877f27a1e34a4c4a2d8425e3c8cd
SSDEEP
12288:lA4uNgU63ohsfC0acs34Br2z1Rt9adJ75+z8BNzbgc:bFUCMs9a5II1RtwdJt28BNAc
Score
10/10
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.