General
-
Target
43187615195eb86e931fd6c22b27e403
-
Size
337KB
-
Sample
240105-h66x5afebq
-
MD5
43187615195eb86e931fd6c22b27e403
-
SHA1
07701982bb2c0f92a819bddec538f44a34e1e5ed
-
SHA256
a27e7ed5147c810b8b8d4a2f1cb106340db602f000a4f5e383b046af8a281f19
-
SHA512
71a03b44d870fe73f845122b40df365dda2becd49bf4573efc2681023905c30fc347715d8d7d18241500b2721008356ff9428bc2a6889e0de426f74bd09bf0fa
-
SSDEEP
6144:sup+gG0lJXvsd70jfMQsofTLZxYMj9r5vQOEsU4SQgalcnqpfj4CRgm+7s/8JfvC:5plJSefTfTLbj/oO5xUcpsCgwUJfrI+u
Behavioral task
behavioral1
Sample
AA_v3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
AA_v3.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
AA_v3.exe
-
Size
755KB
-
MD5
11bc606269a161555431bacf37f7c1e4
-
SHA1
63c52b0ac68ab7464e2cd777442a5807db9b5383
-
SHA256
1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
-
SHA512
0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f
-
SSDEEP
12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-