ammyyadmin | b50982f889255af6558b6ee07be5837049bb94297ff0c0db6d4670a9001916dc | Triage

Resubmissions

06-02-2024 19:04

240206-xq7xtafdfn 10

02-04-2023 09:53

230402-lw48bsha6t 10

Sharing

General

Target

MDE_File_Sample_c6bff7857fdf33cbd8f052ef5d669675e5cf06f8.zip
Size

393KB
Sample

240206-xq7xtafdfn
MD5

9a2d925d33f642ced15e59d0090ba7fa
SHA1

46ee0763ffe8a2ae05ac6110826940ae8b01329a
SHA256

b50982f889255af6558b6ee07be5837049bb94297ff0c0db6d4670a9001916dc
SHA512

1964f6360dfd431815286ecdc8adee5ec5e70d4cfce091a7947bb0df038b3c5d1ec65fa882d244808195d66658e1953d5d29d00b4859535f7af79cdcd9fa7aaf
SSDEEP

6144:Rf5gLrfpY/wKbZWUlVTal9hrBu/RMq8CfIR29CSuIIh3ooUpF4vEREMf3QQ7iaF:LgLkw8ZVM9hduSqbIosSuII7WVy+QeDF

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  AlphaZackCosmos.exe
- Size
  
  751KB
- MD5
  
  4d853025b8cd8c725bf78e3df6cce967
- SHA1
  
  c6bff7857fdf33cbd8f052ef5d669675e5cf06f8
- SHA256
  
  4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8
- SHA512
  
  977e43eaa763cc66114e00a615818c66a84a5a47bac1cdf21eff9f8f1dcebf138d8ede823265a2f30807d648c57bf036818254964358691d3f9a013f930705cf
- SSDEEP
  
  12288:Tc0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd1gF:Tc/UtwOrZgUHv54Rt6+YNkQsNmF
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan