Overview

overview

10

Static

static

10

349f7e00ee...9a.exe

windows7-x64

10

349f7e00ee...9a.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe.zip

  • Size

    387KB

  • Sample

    231231-bwk5cagbe7

  • MD5

    a40bebadeb1f60d76d419dc9477824cc

  • SHA1

    703fb5553e997963c2c3b1056ca8e4e552025c3d

  • SHA256

    da3e304a70a99cb16416540d0ca4b6b0105271aaa0ef7368a79ffbfa6e61f4b6

  • SHA512

    930a03d1b72426e8a40127e8e1c6b63e654860b696bc9de7ba95aa722e6e5d60e570357068d92a19ab40f11c2b929114d6b17a21a63ff4c6c12ca2c8c3dc84de

  • SSDEEP

    6144:zV6y6WWsNqfbiMys9fEAhDr+I/lGNHHNNQ117mPL4VU0xDhaSp0Vc1XrmGoX5AS:55IfbIsNEictHNyUbgaSpPgGor

Score
10/10
ammyyadminflawedammyytrojan

Malware Config

Targets

    • Target

      349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe

    • Size

      722KB

    • MD5

      45c9b54d66cbcc2de89f93e25f368a45

    • SHA1

      2e5265f35f75a50c89e592e127bc80e1e45aa840

    • SHA256

      349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a

    • SHA512

      25c3f1ec6d2e233464090f584777b15f18acfd1cb12124c236680689545ec8208bc364d26d7202e38368dbec34cd824600afb51845df8c9de8c8e83fba8d8b1f

    • SSDEEP

      12288:x2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEgK:xSIp2Ydd6SVcpz1RtXpGadsbShK

    Score
    10/10
    flawedammyytrojan

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks