General

  • Target

    c5d8730d4262ad37537b5d884cde2c99

  • Size

    322KB

  • Sample

    240313-pdgk4acf3t

  • MD5

    c5d8730d4262ad37537b5d884cde2c99

  • SHA1

    9e5430bc88b767310996eacf4a3ddf1061d63fc4

  • SHA256

    9193216fe32d889861b89e30af51717757272e4bfa22d9166d0ae95eb985204c

  • SHA512

    20e1db6c58cd3a755ee32458d0c386c6c47962355360197cca7ea6156f6ff8f6a4a6526396408c8679defbf4b84ce8a8529bde9ddb181df52fb065a75f750228

  • SSDEEP

    6144:zjyKtN1B0fiy4ckLfSybXY3hcT04g/ia7Febn6KDDkNb9wey56uwyKERwD9cXg:zttN12fiIafZY3hcT4Ka7E76BNb9Zy5Y

Malware Config

Targets

    • Target

      AA_v3.1.exe

    • Size

      717KB

    • MD5

      9561c8f7bd981a9eaac23ec6fa9a65e5

    • SHA1

      519d06745dad2be35d2de25f9739b80ea64e1fdd

    • SHA256

      0fd5789a6ff2a978eddc093ac89df7192d17fd73825042c44acc844d7aa6517e

    • SHA512

      6f263987d0d432d7b8d6080be1a5bd69d35f458ada851c301ec4162d91e14e9a6fcd20115920943ebf86ea4a64fd4c6e781ab430cc0c8eed97a5ed834686ae5b

    • SSDEEP

      12288:UKHp9fDIItMm2o44sGTdBqWvwD+8ChCbW3XTjY1r1RtH8ePhAU5u0AhpZxAh9gJ:UorLkbDEhyW3XS1RtcePKUBATZxXJ

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks