ammyyadmin | a27e7ed5147c810b8b8d4a2f1cb106340db602f000a4f5e383b046af8a281f19 | Triage

Sharing

General

Target

43187615195eb86e931fd6c22b27e403
Size

337KB
Sample

240105-h66x5afebq
MD5

43187615195eb86e931fd6c22b27e403
SHA1

07701982bb2c0f92a819bddec538f44a34e1e5ed
SHA256

a27e7ed5147c810b8b8d4a2f1cb106340db602f000a4f5e383b046af8a281f19
SHA512

71a03b44d870fe73f845122b40df365dda2becd49bf4573efc2681023905c30fc347715d8d7d18241500b2721008356ff9428bc2a6889e0de426f74bd09bf0fa
SSDEEP

6144:sup+gG0lJXvsd70jfMQsofTLZxYMj9r5vQOEsU4SQgalcnqpfj4CRgm+7s/8JfvC:5plJSefTfTLbj/oO5xUcpsCgwUJfrI+u

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  AA_v3.exe
- Size
  
  755KB
- MD5
  
  11bc606269a161555431bacf37f7c1e4
- SHA1
  
  63c52b0ac68ab7464e2cd777442a5807db9b5383
- SHA256
  
  1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
- SHA512
  
  0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f
- SSDEEP
  
  12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan