General

  • Target

    7ca5b68585b14145e79b800d7d1c6e57.rar

  • Size

    336KB

  • Sample

    240101-lza4nagcfn

  • MD5

    7ca5b68585b14145e79b800d7d1c6e57

  • SHA1

    cfcc551a2adddf35236323891702efdd12384c23

  • SHA256

    42b1ae153366264dc556bcf909ade649caeb796151458e1096a3087b1c956c7e

  • SHA512

    1f4ba2ad06f275520c6583fed0125cf7279b53219a710fcea77c9c112370248821b9268904020a97d6ef3d683ab8f396bc7ab151b9eb2c2ce074516a631b8349

  • SSDEEP

    6144:JftJpvOXGtqM8Wy5BUCzAGC2+CNxWngBoi9Xzq+7aQtF35ci5swgRF1Qr:t8mwzAGC2+4oCrBJlZqo

Malware Config

Targets

    • Target

      Ammyy Admin Corporate v3.5.exe

    • Size

      746KB

    • MD5

      2fcbad97d4443200c6d103b7474466f0

    • SHA1

      a94db856006bbf526d57217ff4d4b2f73ee53f7c

    • SHA256

      4ce31888140938c0409b7bd9bd46914232fc2d490181eb8ceb74941056a2b765

    • SHA512

      56c093e09ecab1e9a99b99638591fdd4824ce84e68e7daddc228d1e479a8d51304ed8d72b511cdb4ec74292d0a0bb42ff02761001f0296503aca7c0e66565516

    • SSDEEP

      12288:PUYiJqMH2OwlaUPcWWwTXZV8f64RteVpN5ETMasTjcP6gX:ziJJWOwlaUPcWWwDZb4Rt+N5WMasHoX

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      sainetco.ir.url

    • Size

      207B

    • MD5

      5b209599e1fd1c0ad77f7be78ca6b837

    • SHA1

      e343809d0528d696fe2b0796da6aa1d73ac72f57

    • SHA256

      022030c51ccd5e05a028b9d2f5ca62dab950983e91840be1526eb10921f3961f

    • SHA512

      7cfe50ee60fd89f6705e4efebcb51fe99773b84ead6de20c689cd933aa15e868a0e70cb8164c4e128b4b1893bb53ad687ef787dbb5507a04214e604acbfed68b

    Score
    6/10

MITRE ATT&CK Enterprise v15

Tasks