General
-
Target
4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe.zip
-
Size
404KB
-
Sample
231231-bslxgadeek
-
MD5
00c3e72bd18910af5261e6e0716dced4
-
SHA1
0dee078f455b210fd3489f1a72a1c4fd90d8eb1c
-
SHA256
3e9debda74d9cfcc7f4a610405f77081bfda97a0c433c2813d2e21bd76a4ac86
-
SHA512
d6c8563c2fcbefa307d213d2f7f506e39a6bf9b25b2d1e060161d15236fd83c19ffb8f835552247d1f91b03ea8cd16778da585147e22d802b3798a4caa276acf
-
SSDEEP
12288:ZU/eDnC0qjYkk5KAS44FGvj2DaAGzjRw81PPpaa:7CljPk5KRFGG5MtbJaa
Behavioral task
behavioral1
Sample
4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe
-
Size
751KB
-
MD5
4d853025b8cd8c725bf78e3df6cce967
-
SHA1
c6bff7857fdf33cbd8f052ef5d669675e5cf06f8
-
SHA256
4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8
-
SHA512
977e43eaa763cc66114e00a615818c66a84a5a47bac1cdf21eff9f8f1dcebf138d8ede823265a2f30807d648c57bf036818254964358691d3f9a013f930705cf
-
SSDEEP
12288:Tc0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd1gF:Tc/UtwOrZgUHv54Rt6+YNkQsNmF
Score
10/10
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-