General
Target: 7ca5b68585b14145e79b800d7d1c6e57.rar
Size: 336KB
Sample: 240101-lza4nagcfn
MD5: 7ca5b68585b14145e79b800d7d1c6e57
SHA1: cfcc551a2adddf35236323891702efdd12384c23
SHA256: 42b1ae153366264dc556bcf909ade649caeb796151458e1096a3087b1c956c7e
SHA512: 1f4ba2ad06f275520c6583fed0125cf7279b53219a710fcea77c9c112370248821b9268904020a97d6ef3d683ab8f396bc7ab151b9eb2c2ce074516a631b8349
SSDEEP: 6144:JftJpvOXGtqM8Wy5BUCzAGC2+CNxWngBoi9Xzq+7aQtF35ci5swgRF1Qr:t8mwzAGC2+4oCrBJlZqo
Behavioral tasks
behavioral1: Sample: Ammyy Admin Corporate v3.5.exe; Resource: win7-20231129-en
behavioral2: Sample: Ammyy Admin Corporate v3.5.exe; Resource: win10v2004-20231215-en
behavioral3: Sample: sainetco.ir.url; Resource: win7-20231129-en
behavioral4: Sample: sainetco.ir.url; Resource: win10v2004-20231215-en
Malware Config
Targets

Target: Ammyy Admin Corporate v3.5.exe
Size: 746KB
MD5: 2fcbad97d4443200c6d103b7474466f0
SHA1: a94db856006bbf526d57217ff4d4b2f73ee53f7c
SHA256: 4ce31888140938c0409b7bd9bd46914232fc2d490181eb8ceb74941056a2b765
SHA512: 56c093e09ecab1e9a99b99638591fdd4824ce84e68e7daddc228d1e479a8d51304ed8d72b511cdb4ec74292d0a0bb42ff02761001f0296503aca7c0e66565516
SSDEEP: 12288:PUYiJqMH2OwlaUPcWWwTXZV8f64RteVpN5ETMasTjcP6gX:ziJJWOwlaUPcWWwDZb4Rt+N5WMasHoX
Score: 10/10
Signatures:
FlawedAmmyy RAT: Remote-access trojan based on leaked code for the Ammyy remote admin software.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops file in System32 directory

Target: sainetco.ir.url
Size: 207B
MD5: 5b209599e1fd1c0ad77f7be78ca6b837
SHA1: e343809d0528d696fe2b0796da6aa1d73ac72f57
SHA256: 022030c51ccd5e05a028b9d2f5ca62dab950983e91840be1526eb10921f3961f
SHA512: 7cfe50ee60fd89f6705e4efebcb51fe99773b84ead6de20c689cd933aa15e868a0e70cb8164c4e128b4b1893bb53ad687ef787dbb5507a04214e604acbfed68b