ammyyadmin | 9193216fe32d889861b89e30af51717757272e4bfa22d9166d0ae95eb985204c | Triage

Sharing

General

Target

c5d8730d4262ad37537b5d884cde2c99
Size

322KB
Sample

240313-pdgk4acf3t
MD5

c5d8730d4262ad37537b5d884cde2c99
SHA1

9e5430bc88b767310996eacf4a3ddf1061d63fc4
SHA256

9193216fe32d889861b89e30af51717757272e4bfa22d9166d0ae95eb985204c
SHA512

20e1db6c58cd3a755ee32458d0c386c6c47962355360197cca7ea6156f6ff8f6a4a6526396408c8679defbf4b84ce8a8529bde9ddb181df52fb065a75f750228
SSDEEP

6144:zjyKtN1B0fiy4ckLfSybXY3hcT04g/ia7Febn6KDDkNb9wey56uwyKERwD9cXg:zttN12fiIafZY3hcT4Ka7E76BNb9Zy5Y

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  AA_v3.1.exe
- Size
  
  717KB
- MD5
  
  9561c8f7bd981a9eaac23ec6fa9a65e5
- SHA1
  
  519d06745dad2be35d2de25f9739b80ea64e1fdd
- SHA256
  
  0fd5789a6ff2a978eddc093ac89df7192d17fd73825042c44acc844d7aa6517e
- SHA512
  
  6f263987d0d432d7b8d6080be1a5bd69d35f458ada851c301ec4162d91e14e9a6fcd20115920943ebf86ea4a64fd4c6e781ab430cc0c8eed97a5ed834686ae5b
- SSDEEP
  
  12288:UKHp9fDIItMm2o44sGTdBqWvwD+8ChCbW3XTjY1r1RtH8ePhAU5u0AhpZxAh9gJ:UorLkbDEhyW3XS1RtcePKUBATZxXJ
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan