General

  • Target

    43187615195eb86e931fd6c22b27e403

  • Size

    337KB

  • Sample

    240105-h66x5afebq

  • MD5

    43187615195eb86e931fd6c22b27e403

  • SHA1

    07701982bb2c0f92a819bddec538f44a34e1e5ed

  • SHA256

    a27e7ed5147c810b8b8d4a2f1cb106340db602f000a4f5e383b046af8a281f19

  • SHA512

    71a03b44d870fe73f845122b40df365dda2becd49bf4573efc2681023905c30fc347715d8d7d18241500b2721008356ff9428bc2a6889e0de426f74bd09bf0fa

  • SSDEEP

    6144:sup+gG0lJXvsd70jfMQsofTLZxYMj9r5vQOEsU4SQgalcnqpfj4CRgm+7s/8JfvC:5plJSefTfTLbj/oO5xUcpsCgwUJfrI+u

Malware Config

Targets

    • Target

      AA_v3.exe

    • Size

      755KB

    • MD5

      11bc606269a161555431bacf37f7c1e4

    • SHA1

      63c52b0ac68ab7464e2cd777442a5807db9b5383

    • SHA256

      1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed

    • SHA512

      0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f

    • SSDEEP

      12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks