ammyyadmin | d0c08693a433c8a56813313ee2eb147c74ab8da375713f54412ddc4cf6619dd2 | Triage

Sharing

General

Target

6e9bdf902ff57bde77238e1f470c609e_JaffaCakes118
Size

334KB
Sample

240524-qbxpzaef97
MD5

6e9bdf902ff57bde77238e1f470c609e
SHA1

0bbacf9d52906f2627d07c13e4ba8d8942a39c84
SHA256

d0c08693a433c8a56813313ee2eb147c74ab8da375713f54412ddc4cf6619dd2
SHA512

0da84a35dc26b0887ab8595f39abbd11e527c9461ad92bcfbda6d9b2b7d3202d002e6f4014616dc6a8d3d04b1a06e48857092f867eb998ca26659b6beaa4c631
SSDEEP

6144:62zV8qc9VFY5rzNVxqdkvaeBA02EMCbQhH05tySo04q+QAGdoi6dQxBk:6K0VFIrtaeBKEMx0+m+Udv6dj

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  AA_v3.5.exe
- Size
  
  746KB
- MD5
  
  2cbf5657ffd8858a9597f296a60270c2
- SHA1
  
  b130611c92788337c4f6bb9e9454ff06eb409166
- SHA256
  
  9b3f4d6a9bae4d7f9cfe45e706db8fe4baef51ae12353941e8b1532b231e6eac
- SHA512
  
  06339a299c8c9ce55e9b96582e54e0bf9e04f894ceb47c07486adf8b0140c2a01fd0932207aca8112ee0b16ba8711fee9435e37339aafb94f167b5a736ee7d0b
- SSDEEP
  
  12288:6NgEvTkYGzXUMA7PTgM0YOg26y4RtcxcUwhqb3omaY80NP6gL:6XTszE7PTgM0YOgA4RtcbwhsSYFVL
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan