General

  • Target: e06e64a7cc93a7372554f4fa74c3b54c
  • Size: 354KB
  • Sample: 231222-s8amtadfc2
  • MD5: e06e64a7cc93a7372554f4fa74c3b54c
  • SHA1: 22bf76f4cbb5092e5df8f5530177923c619cd420
  • SHA256: b34545c6faf06eab1ca4db9d5378a0ca775d4d45e5b2fb6ee88e07180d240c70
  • SHA512: 6e8b849b8566f29a2079042e9154600f68b8067b8bfb48083ca7f9e3934938d6960749cc11080a9b213c8c7f7e12c74013f2633f411beed5c7357109665b247e
  • SSDEEP: 6144:jRxgR/T50Gn5Oi64+1yKnu1n+ZXy6JOGxHf9q9g/zPscShcSA8ZbybaFZcTAHLyF:j09CiON4Sin+Zykvh8ywhb3Z/Kld

Targets

    • Target: AmmyyAdmin_v3.exe
    • Size: 701KB
    • MD5: 61e9063d98bd8ceb0eb78332996e1fe5
    • SHA1: 95c0575928ed459928d70ab4d82199a092cf7d90
    • SHA256: 5cf1cc749208121e38b2984edca4583997ba72e8225ef94512debf9794c9192a
    • SHA512: 238d302f03b83906184b5d1cd6afaa8b2429f8d16a18ac759fe65eb0aa86de29a8b59f5fea53fa61803519837c6715b8d283877f27a1e34a4c4a2d8425e3c8cd
    • SSDEEP: 12288:lA4uNgU63ohsfC0acs34Br2z1Rt9adJ75+z8BNzbgc:bFUCMs9a5II1RtwdJt28BNAc

    Score: 10/10

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.
