ammyyadmin | 27e9254ee7fb8ad0a65e299e42b60d81166f3b956c817d0148b0b9ee2b2d3c89 | Triage

Sharing

General

Target

0754d69f78cca7402bd5164adbdc6760_JaffaCakes118
Size

3.3MB
Sample

240429-ldc15afb28
MD5

0754d69f78cca7402bd5164adbdc6760
SHA1

5a07e1480132ab37c04094dce11b282d3c5ff180
SHA256

27e9254ee7fb8ad0a65e299e42b60d81166f3b956c817d0148b0b9ee2b2d3c89
SHA512

889adbf806b5be0777c27cf018ac7b047f37d769d9ce79e8145a8235affe33608a53ce1304dfda3e11f8ed8b006c2f74ff9fb490a1814cd2aa1d94c582557f06
SSDEEP

98304:0pre+d4Vn3S4J2W0Upe4QwkN0/Pe2PWJAMT:2e+d4tiE2WRpJNKoP9GAw

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  AA_v3.exe
- Size
  
  762KB
- MD5
  
  e9b569f7cbf23d91df065c18f4c43840
- SHA1
  
  5d7cb1a2ca7db04edf23dd3ed41125c8c867b0ad
- SHA256
  
  d67c7ef1c8e2cd56e266902bef814ac328d64bbe06086f4ee24fbadbebf39605
- SHA512
  
  a9f01663b0c0ce9d30bd6760847bf3c18318801634145ec75e047019a8e8a9b13ea8122449b8f45ad40b63d4551cb85230df1b41a41ddc33a39cfcf2ec237ccb
- SSDEEP
  
  12288:kX5PFc+E0SlpOvcC1KL/q/IZVURtCdshX5x8jR31QEY0VEoge:2P++ZSlpOUC1KT4+URtYshX5aRlQEYte
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  AeroAdmin.exe
- Size
  
  2.2MB
- MD5
  
  c984faac414c41839adab61ec608a07e
- SHA1
  
  2694da22f94b83f7d3c7696ef040f7f0d1122ce6
- SHA256
  
  dddb977a26860390bd1dbeb4a00e5dab5eac9108190246ada8a76a8510c44dfe
- SHA512
  
  85314c219a3ae25c3854f67ac95f7cc280b2d140350e79849e152ee59e3c72ab12216173d1dae90b46bba077d254a616af8f323fa8d190661cd70109fe1711e4
- SSDEEP
  
  49152:D6Q2Kqr1aNUs1T8+IsWTdLraplDXVypwZpT8RlD2JEHQri/r4Ha1LgOoW9YjG2S4:2rQT8jg1lqlD2Jni/r461L1oDjD
Score

3^/10
behavioral3 behavioral4
- Target
  
  AnyDesk.exe
- Size
  
  2.0MB
- MD5
  
  bec8a2806dc3260c1d5f1f3d5a0c4417
- SHA1
  
  36a061d79f4e3ad833ef8c5989b01c7b00eed06c
- SHA256
  
  6de889f1309e30e024bd5dfcd4cde7a97c4c3d61e5324a09f356811d9db998eb
- SHA512
  
  087f98334fc2ac7235f7978cd874c09fe3660a041c28a73d65529d365feacf932979e0f6b56ea33e22113ac11148982b8fc55eb713cebad90b74271c2f78b212
- SSDEEP
  
  49152:H8NCer0ajCVzFuGuPgobZO2qwa5r1LLX38Iug:ipr0ajCVzFG4B2qw0XsIh
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

behavioral3

behavioral4

behavioral5

behavioral6