General
Target: 349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe.zip
Size: 387KB
Sample: 231231-bwk5cagbe7
MD5: a40bebadeb1f60d76d419dc9477824cc
SHA1: 703fb5553e997963c2c3b1056ca8e4e552025c3d
SHA256: da3e304a70a99cb16416540d0ca4b6b0105271aaa0ef7368a79ffbfa6e61f4b6
SHA512: 930a03d1b72426e8a40127e8e1c6b63e654860b696bc9de7ba95aa722e6e5d60e570357068d92a19ab40f11c2b929114d6b17a21a63ff4c6c12ca2c8c3dc84de
SSDEEP: 6144:zV6y6WWsNqfbiMys9fEAhDr+I/lGNHHNNQ117mPL4VU0xDhaSp0Vc1XrmGoX5AS:55IfbIsNEictHNyUbgaSpPgGor
Behavioral task: behavioral1
Sample: 349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe
Size: 722KB
MD5: 45c9b54d66cbcc2de89f93e25f368a45
SHA1: 2e5265f35f75a50c89e592e127bc80e1e45aa840
SHA256: 349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a
SHA512: 25c3f1ec6d2e233464090f584777b15f18acfd1cb12124c236680689545ec8208bc364d26d7202e38368dbec34cd824600afb51845df8c9de8c8e83fba8d8b1f
SSDEEP: 12288:x2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEgK:xSIp2Ydd6SVcpz1RtXpGadsbShK
Score: 10/10
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.