ammyyadmin | b5f65158f6713aa2fb7dd0b09d5f6dd39ae3cd1212ad330da207244d522aee20 | Triage

Sharing

General

Target

ammyy.exe
Size

726KB
Sample

240226-rjygxafh69
MD5

d22d719495f23e38805bbea5df434abb
SHA1

3cfeeb974e65c0ba671d81459d2c6b694d5d4eaf
SHA256

b5f65158f6713aa2fb7dd0b09d5f6dd39ae3cd1212ad330da207244d522aee20
SHA512

d87670775d222b25b329377c8d26c2a4c88ce6b1aa1d6fc004b95ad93f377fd56fb03e709b4b61b26c4fcf06fe477e42afe9f9715884ea91699548b1e4d4a4c7
SSDEEP

12288:ozJUxbtiiTHRJuEkQO7EwC2ZwFRtAdRXRryd+sq1zsgp:o9oNTHRz/O7rT6FRteRXR2IsqXp

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  ammyy.exe
- Size
  
  726KB
- MD5
  
  d22d719495f23e38805bbea5df434abb
- SHA1
  
  3cfeeb974e65c0ba671d81459d2c6b694d5d4eaf
- SHA256
  
  b5f65158f6713aa2fb7dd0b09d5f6dd39ae3cd1212ad330da207244d522aee20
- SHA512
  
  d87670775d222b25b329377c8d26c2a4c88ce6b1aa1d6fc004b95ad93f377fd56fb03e709b4b61b26c4fcf06fe477e42afe9f9715884ea91699548b1e4d4a4c7
- SSDEEP
  
  12288:ozJUxbtiiTHRJuEkQO7EwC2ZwFRtAdRXRryd+sq1zsgp:o9oNTHRz/O7rT6FRteRXR2IsqXp
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan