ammyyadmin | e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a | Triage

Submit
Reports

Overview

overview

Static

static

aa.exe

windows10-2004-x64

Sharing

General

Target

aa.exe
Size

651KB
Sample

240111-zm8faahcd8
MD5

b730e7b8f3eebd51dc21d7997313b890
SHA1

57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa
SHA256

e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a
SHA512

05e87e0ac0e6c097cec3e3801c66752f1a69bd3f8b732062b16596fd4e46388e66eb2e4455ede69769dad62cb7a063849cc2199c140c6ba6a498173eaafe051d
SSDEEP

12288:caA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6mi/gQ:AkK+waI8JRQMEJ2rufRtse9rtv8zlBi3

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

aa.exe

Resource

win10v2004-20231215-en

flawedammyy trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  aa.exe
- Size
  
  651KB
- MD5
  
  b730e7b8f3eebd51dc21d7997313b890
- SHA1
  
  57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa
- SHA256
  
  e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a
- SHA512
  
  05e87e0ac0e6c097cec3e3801c66752f1a69bd3f8b732062b16596fd4e46388e66eb2e4455ede69769dad62cb7a063849cc2199c140c6ba6a498173eaafe051d
- SSDEEP
  
  12288:caA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6mi/gQ:AkK+waI8JRQMEJ2rufRtse9rtv8zlBi3
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

© 2018-2024

Terms | Privacy