ammyyadmin | 553d2f7a372c37f11870bcfc9cd923037b45ac97a130697064549f48e81ac29e | Triage

Sharing

General

Target

3aafebbf1591363029b868c1b664b808_JaffaCakes118
Size

735KB
Sample

240512-saavxsbc5z
MD5

3aafebbf1591363029b868c1b664b808
SHA1

7f213071dd178ec31afe1c8a443f817fce50b233
SHA256

553d2f7a372c37f11870bcfc9cd923037b45ac97a130697064549f48e81ac29e
SHA512

8fcd5bacbdc5aed3c48420fcbd3ea5a4a8a0a5c81ab043addbd8b2e559f8a9580b6bbdd513273d6075f69f04f52f6d413941095895c9a06677e61e0ab201b596
SSDEEP

12288:7c0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd6gr:7c/UtwOrZgUHv54Rt6+YNkQsNnr

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  3aafebbf1591363029b868c1b664b808_JaffaCakes118
- Size
  
  735KB
- MD5
  
  3aafebbf1591363029b868c1b664b808
- SHA1
  
  7f213071dd178ec31afe1c8a443f817fce50b233
- SHA256
  
  553d2f7a372c37f11870bcfc9cd923037b45ac97a130697064549f48e81ac29e
- SHA512
  
  8fcd5bacbdc5aed3c48420fcbd3ea5a4a8a0a5c81ab043addbd8b2e559f8a9580b6bbdd513273d6075f69f04f52f6d413941095895c9a06677e61e0ab201b596
- SSDEEP
  
  12288:7c0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd6gr:7c/UtwOrZgUHv54Rt6+YNkQsNnr
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan