Overview

overview

10

Static

static

10

AA_v3.1.exe

windows7-x64

10

AA_v3.1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5d8730d4262ad37537b5d884cde2c99

  • Size

    322KB

  • Sample

    240313-pdgk4acf3t

  • MD5

    c5d8730d4262ad37537b5d884cde2c99

  • SHA1

    9e5430bc88b767310996eacf4a3ddf1061d63fc4

  • SHA256

    9193216fe32d889861b89e30af51717757272e4bfa22d9166d0ae95eb985204c

  • SHA512

    20e1db6c58cd3a755ee32458d0c386c6c47962355360197cca7ea6156f6ff8f6a4a6526396408c8679defbf4b84ce8a8529bde9ddb181df52fb065a75f750228

  • SSDEEP

    6144:zjyKtN1B0fiy4ckLfSybXY3hcT04g/ia7Febn6KDDkNb9wey56uwyKERwD9cXg:zttN12fiIafZY3hcT4Ka7E76BNb9Zy5Y

Score
10/10
ammyyadminflawedammyytrojan

Malware Config

Targets

    • Target

      AA_v3.1.exe

    • Size

      717KB

    • MD5

      9561c8f7bd981a9eaac23ec6fa9a65e5

    • SHA1

      519d06745dad2be35d2de25f9739b80ea64e1fdd

    • SHA256

      0fd5789a6ff2a978eddc093ac89df7192d17fd73825042c44acc844d7aa6517e

    • SHA512

      6f263987d0d432d7b8d6080be1a5bd69d35f458ada851c301ec4162d91e14e9a6fcd20115920943ebf86ea4a64fd4c6e781ab430cc0c8eed97a5ed834686ae5b

    • SSDEEP

      12288:UKHp9fDIItMm2o44sGTdBqWvwD+8ChCbW3XTjY1r1RtH8ePhAU5u0AhpZxAh9gJ:UorLkbDEhyW3XS1RtcePKUBATZxXJ

    Score
    10/10
    flawedammyytrojan

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks