General

  • Target: 4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe.zip
  • Size: 404KB
  • Sample: 231231-bslxgadeek
  • MD5: 00c3e72bd18910af5261e6e0716dced4
  • SHA1: 0dee078f455b210fd3489f1a72a1c4fd90d8eb1c
  • SHA256: 3e9debda74d9cfcc7f4a610405f77081bfda97a0c433c2813d2e21bd76a4ac86
  • SHA512: d6c8563c2fcbefa307d213d2f7f506e39a6bf9b25b2d1e060161d15236fd83c19ffb8f835552247d1f91b03ea8cd16778da585147e22d802b3798a4caa276acf
  • SSDEEP: 12288:ZU/eDnC0qjYkk5KAS44FGvj2DaAGzjRw81PPpaa:7CljPk5KRFGG5MtbJaa

Malware Config

Targets

    • Target: 4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8.exe
    • Size: 751KB
    • MD5: 4d853025b8cd8c725bf78e3df6cce967
    • SHA1: c6bff7857fdf33cbd8f052ef5d669675e5cf06f8
    • SHA256: 4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8
    • SHA512: 977e43eaa763cc66114e00a615818c66a84a5a47bac1cdf21eff9f8f1dcebf138d8ede823265a2f30807d648c57bf036818254964358691d3f9a013f930705cf
    • SSDEEP: 12288:Tc0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd1gF:Tc/UtwOrZgUHv54Rt6+YNkQsNmF

    Score: 10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops a file in the System32 directory

MITRE ATT&CK Enterprise v15

Tasks