ammyyadmin | baf7d4cb66d24b7c829faaf9deb14c8fc623a58670a948ca0572eb57e9bff8d5 | Triage

Sharing

General

Target

45c9b54d66cbcc2de89f93e25f368a45.bin
Size

376KB
Sample

240113-bqtvasaag6
MD5

aaa0b91a6d27c87846029b0c15b6e736
SHA1

9f62ae135232a98fb50b491c83f151482e3d63e5
SHA256

baf7d4cb66d24b7c829faaf9deb14c8fc623a58670a948ca0572eb57e9bff8d5
SHA512

cc5f779fb959297a4779c163f352d7b22fa5d455606e8575fa02f828867a3c89f8332fbd77ff0db0435d042c66c19d3f0300078bed223b708effccfc8fdfa576
SSDEEP

6144:21uCZFTkhzhI0DLhQaKzPGKCzlFzTL2jY/qeuZefsN+jKOPG/vyzOOXxKau1yv3n:OuCZFo40DFCjMZW8WZ6uOPG/vyz0aD3n

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe
- Size
  
  722KB
- MD5
  
  45c9b54d66cbcc2de89f93e25f368a45
- SHA1
  
  2e5265f35f75a50c89e592e127bc80e1e45aa840
- SHA256
  
  349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a
- SHA512
  
  25c3f1ec6d2e233464090f584777b15f18acfd1cb12124c236680689545ec8208bc364d26d7202e38368dbec34cd824600afb51845df8c9de8c8e83fba8d8b1f
- SSDEEP
  
  12288:x2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEgK:xSIp2Ydd6SVcpz1RtXpGadsbShK
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan