General

  • Target

    fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe

  • Size

    3.6MB

  • Sample

    240519-d6fcysgf95

  • MD5

    743a6891999db5d7179091aba5f98fdb

  • SHA1

    eeca4b8f88fcae9db6f54304270699d459fb5722

  • SHA256

    fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f

  • SHA512

    9edef033663c828536190332ec87ac0096ffddae934d17c51b255a55ecb05774211a0edb1915c19384641befa291cfdfd2e3f878bf3b827f8b203ec1bee9dd96

  • SSDEEP

    98304:NX8jXTWmbAJDaFoKLxycZ2gzJXvXdfxs2g1ypKLC1z:NX8Dsm9ycUcv82Qy06

Malware Config

Targets

    • Target

      fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe

    • Size

      3.6MB

    • MD5

      743a6891999db5d7179091aba5f98fdb

    • SHA1

      eeca4b8f88fcae9db6f54304270699d459fb5722

    • SHA256

      fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f

    • SHA512

      9edef033663c828536190332ec87ac0096ffddae934d17c51b255a55ecb05774211a0edb1915c19384641befa291cfdfd2e3f878bf3b827f8b203ec1bee9dd96

    • SSDEEP

      98304:NX8jXTWmbAJDaFoKLxycZ2gzJXvXdfxs2g1ypKLC1z:NX8Dsm9ycUcv82Qy06

    • Ammyy Admin

      Remote admin tool with various capabilities.

    • AmmyyAdmin payload

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Creates new service(s)

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks