Overview

overview

10

Static

static

10

349f7e00ee...9a.exe

windows7-x64

10

349f7e00ee...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45c9b54d66cbcc2de89f93e25f368a45.bin

  • Size

    376KB

  • Sample

    240113-bqtvasaag6

  • MD5

    aaa0b91a6d27c87846029b0c15b6e736

  • SHA1

    9f62ae135232a98fb50b491c83f151482e3d63e5

  • SHA256

    baf7d4cb66d24b7c829faaf9deb14c8fc623a58670a948ca0572eb57e9bff8d5

  • SHA512

    cc5f779fb959297a4779c163f352d7b22fa5d455606e8575fa02f828867a3c89f8332fbd77ff0db0435d042c66c19d3f0300078bed223b708effccfc8fdfa576

  • SSDEEP

    6144:21uCZFTkhzhI0DLhQaKzPGKCzlFzTL2jY/qeuZefsN+jKOPG/vyzOOXxKau1yv3n:OuCZFo40DFCjMZW8WZ6uOPG/vyz0aD3n

Score
10/10
ammyyadminflawedammyytrojan

Malware Config

Targets

    • Target

      349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a.exe

    • Size

      722KB

    • MD5

      45c9b54d66cbcc2de89f93e25f368a45

    • SHA1

      2e5265f35f75a50c89e592e127bc80e1e45aa840

    • SHA256

      349f7e00ee29b349b00c32318cb9b829b162167702957295712d37ebbb2a7a9a

    • SHA512

      25c3f1ec6d2e233464090f584777b15f18acfd1cb12124c236680689545ec8208bc364d26d7202e38368dbec34cd824600afb51845df8c9de8c8e83fba8d8b1f

    • SSDEEP

      12288:x2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEgK:xSIp2Ydd6SVcpz1RtXpGadsbShK

    Score
    10/10
    flawedammyytrojan

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks