General

  • Target

    flawedammyy

  • Size

    3.6MB

  • MD5

    743a6891999db5d7179091aba5f98fdb

  • SHA1

    eeca4b8f88fcae9db6f54304270699d459fb5722

  • SHA256

    fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f

  • SHA512

    9edef033663c828536190332ec87ac0096ffddae934d17c51b255a55ecb05774211a0edb1915c19384641befa291cfdfd2e3f878bf3b827f8b203ec1bee9dd96

  • SSDEEP

    98304:NX8jXTWmbAJDaFoKLxycZ2gzJXvXdfxs2g1ypKLC1z:NX8Dsm9ycUcv82Qy06

Score
10/10

Malware Config

Signatures

  • AmmyyAdmin payload (1 IoC)
  • Ammyyadmin family
  • Unsigned PE (7 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • flawedammyy
    .exe windows:4 windows x86 arch:x86
    MD5: b78ecf47c0a3e24a6f4af114e2d1f5de

  • $APPDATA/Wlanspeed/outst.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 4ce37a90a9a2fd90fcd2a0db88d60601

  • $APPDATA/Wlanspeed/wlanspeed.exe
    .exe windows:4 windows x86 arch:x86

  • $PLUGINSDIR/INetC.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 8ef3613e48db9e7b48e33704238cd659

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 8c8a576201f68de1a3f26fc723b9f30f

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 46f8b6973f33717335c0f6d8087de67b

  • $PROGRAMFILES/SinTech/TextEdit.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744

  • $PROGRAMFILES/SinTech/TextEdit.exe.config