ammyyadmin | 42b1ae153366264dc556bcf909ade649caeb796151458e1096a3087b1c956c7e | Triage

Submit
Reports

Overview

overview

Static

static

Ammyy Admi....5.exe

windows7-x64

Ammyy Admi....5.exe

windows10-2004-x64

sainetco.ir.url

windows7-x64

6

sainetco.ir.url

windows10-2004-x64

3

Sharing

General

Target

7ca5b68585b14145e79b800d7d1c6e57
Size

336KB
Sample

240128-kfnd7sfab7
MD5

7ca5b68585b14145e79b800d7d1c6e57
SHA1

cfcc551a2adddf35236323891702efdd12384c23
SHA256

42b1ae153366264dc556bcf909ade649caeb796151458e1096a3087b1c956c7e
SHA512

1f4ba2ad06f275520c6583fed0125cf7279b53219a710fcea77c9c112370248821b9268904020a97d6ef3d683ab8f396bc7ab151b9eb2c2ce074516a631b8349
SSDEEP

6144:JftJpvOXGtqM8Wy5BUCzAGC2+CNxWngBoi9Xzq+7aQtF35ci5swgRF1Qr:t8mwzAGC2+4oCrBJlZqo

Score

10^/10

ammyyadmin flawedammyy evasion trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Ammyy Admin Corporate v3.5.exe

Resource

win7-20231129-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ammyy Admin Corporate v3.5.exe

Resource

win10v2004-20231222-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

sainetco.ir.url

Resource

win7-20231215-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

sainetco.ir.url

Resource

win10v2004-20231222-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  Ammyy Admin Corporate v3.5.exe
- Size
  
  746KB
- MD5
  
  2fcbad97d4443200c6d103b7474466f0
- SHA1
  
  a94db856006bbf526d57217ff4d4b2f73ee53f7c
- SHA256
  
  4ce31888140938c0409b7bd9bd46914232fc2d490181eb8ceb74941056a2b765
- SHA512
  
  56c093e09ecab1e9a99b99638591fdd4824ce84e68e7daddc228d1e479a8d51304ed8d72b511cdb4ec74292d0a0bb42ff02761001f0296503aca7c0e66565516
- SSDEEP
  
  12288:PUYiJqMH2OwlaUPcWWwTXZV8f64RteVpN5ETMasTjcP6gX:ziJJWOwlaUPcWWwDZb4Rt+N5WMasHoX
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  sainetco.ir.url
- Size
  
  207B
- MD5
  
  5b209599e1fd1c0ad77f7be78ca6b837
- SHA1
  
  e343809d0528d696fe2b0796da6aa1d73ac72f57
- SHA256
  
  022030c51ccd5e05a028b9d2f5ca62dab950983e91840be1526eb10921f3961f
- SHA512
  
  7cfe50ee60fd89f6705e4efebcb51fe99773b84ead6de20c689cd933aa15e868a0e70cb8164c4e128b4b1893bb53ad687ef787dbb5507a04214e604acbfed68b
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

behavioral3

behavioral4

© 2018-2024

Terms | Privacy