ammyyadmin | 3e9debda74d9cfcc7f4a610405f77081bfda97a0c433c2813d2e21bd76a4ac86 | Triage

Submit
Reports

Overview

overview

Static

static

4f648c95b8...f8.exe

windows7-x64

4f648c95b8...f8.exe

windows10-2004-x64

Sharing

General

Target

4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe.zip
Size

404KB
Sample

231231-bslxgadeek
MD5

00c3e72bd18910af5261e6e0716dced4
SHA1

0dee078f455b210fd3489f1a72a1c4fd90d8eb1c
SHA256

3e9debda74d9cfcc7f4a610405f77081bfda97a0c433c2813d2e21bd76a4ac86
SHA512

d6c8563c2fcbefa307d213d2f7f506e39a6bf9b25b2d1e060161d15236fd83c19ffb8f835552247d1f91b03ea8cd16778da585147e22d802b3798a4caa276acf
SSDEEP

12288:ZU/eDnC0qjYkk5KAS44FGvj2DaAGzjRw81PPpaa:7CljPk5KRFGG5MtbJaa

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe

Resource

win7-20231215-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe

Resource

win10v2004-20231215-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe
- Size
  
  751KB
- MD5
  
  4d853025b8cd8c725bf78e3df6cce967
- SHA1
  
  c6bff7857fdf33cbd8f052ef5d669675e5cf06f8
- SHA256
  
  4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8
- SHA512
  
  977e43eaa763cc66114e00a615818c66a84a5a47bac1cdf21eff9f8f1dcebf138d8ede823265a2f30807d648c57bf036818254964358691d3f9a013f930705cf
- SSDEEP
  
  12288:Tc0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd1gF:Tc/UtwOrZgUHv54Rt6+YNkQsNmF
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy