General
-
Target
MDE_File_Sample_c6bff7857fdf33cbd8f052ef5d669675e5cf06f8.zip
-
Size
393KB
-
Sample
240206-xq7xtafdfn
-
MD5
9a2d925d33f642ced15e59d0090ba7fa
-
SHA1
46ee0763ffe8a2ae05ac6110826940ae8b01329a
-
SHA256
b50982f889255af6558b6ee07be5837049bb94297ff0c0db6d4670a9001916dc
-
SHA512
1964f6360dfd431815286ecdc8adee5ec5e70d4cfce091a7947bb0df038b3c5d1ec65fa882d244808195d66658e1953d5d29d00b4859535f7af79cdcd9fa7aaf
-
SSDEEP
6144:Rf5gLrfpY/wKbZWUlVTal9hrBu/RMq8CfIR29CSuIIh3ooUpF4vEREMf3QQ7iaF:LgLkw8ZVM9hduSqbIosSuII7WVy+QeDF
Behavioral task
behavioral1
Sample
AlphaZackCosmos.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
AlphaZackCosmos.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
AlphaZackCosmos.exe
-
Size
751KB
-
MD5
4d853025b8cd8c725bf78e3df6cce967
-
SHA1
c6bff7857fdf33cbd8f052ef5d669675e5cf06f8
-
SHA256
4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8
-
SHA512
977e43eaa763cc66114e00a615818c66a84a5a47bac1cdf21eff9f8f1dcebf138d8ede823265a2f30807d648c57bf036818254964358691d3f9a013f930705cf
-
SSDEEP
12288:Tc0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd1gF:Tc/UtwOrZgUHv54Rt6+YNkQsNmF
Score
10/10
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-