ammyyadmin | da3e304a70a99cb16416540d0ca4b6b0105271aaa0ef7368a79ffbfa6e61f4b6 | Triage

Sharing

General

Target

349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe.zip
Size

387KB
Sample

231231-bwk5cagbe7
MD5

a40bebadeb1f60d76d419dc9477824cc
SHA1

703fb5553e997963c2c3b1056ca8e4e552025c3d
SHA256

da3e304a70a99cb16416540d0ca4b6b0105271aaa0ef7368a79ffbfa6e61f4b6
SHA512

930a03d1b72426e8a40127e8e1c6b63e654860b696bc9de7ba95aa722e6e5d60e570357068d92a19ab40f11c2b929114d6b17a21a63ff4c6c12ca2c8c3dc84de
SSDEEP

6144:zV6y6WWsNqfbiMys9fEAhDr+I/lGNHHNNQ117mPL4VU0xDhaSp0Vc1XrmGoX5AS:55IfbIsNEictHNyUbgaSpPgGor

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe
- Size
  
  722KB
- MD5
  
  45c9b54d66cbcc2de89f93e25f368a45
- SHA1
  
  2e5265f35f75a50c89e592e127bc80e1e45aa840
- SHA256
  
  349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a
- SHA512
  
  25c3f1ec6d2e233464090f584777b15f18acfd1cb12124c236680689545ec8208bc364d26d7202e38368dbec34cd824600afb51845df8c9de8c8e83fba8d8b1f
- SSDEEP
  
  12288:x2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEgK:xSIp2Ydd6SVcpz1RtXpGadsbShK
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2