ammyyadmin | 54f47b3d009102576c0c59abffca99c2ecd890a2f0c7399e8df5f1af48206d94 | Triage

Sharing

General

Target

344c1c3f1f4aff830473ce838f3e5d47_JaffaCakes118
Size

391KB
Sample

240511-nagagsge96
MD5

344c1c3f1f4aff830473ce838f3e5d47
SHA1

b3d01a0a9f8e2a168495326873bb14d2a7a7abdb
SHA256

54f47b3d009102576c0c59abffca99c2ecd890a2f0c7399e8df5f1af48206d94
SHA512

3d1757f655d27da1fd3bb433d44bb005defbf6e1a2d66be6baafdd3f0558511d2ecd3664e5a906a6105650290d027e3450825300f7b51f133f0cd05472273d08
SSDEEP

12288:NlF/o/fePQ89MZ0siu1exp3cks9zgKCxA5jM6:F/oH0fm6sL1eAks1gxxA5M6

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  AA_v3.exe
- Size
  
  755KB
- MD5
  
  11bc606269a161555431bacf37f7c1e4
- SHA1
  
  63c52b0ac68ab7464e2cd777442a5807db9b5383
- SHA256
  
  1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
- SHA512
  
  0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f
- SSDEEP
  
  12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan