ammyyadmin | 6dc66741b8e6b8e338c1abd40209191805b169a808df5ee565623ae926b38521 | Triage

Sharing

General

Target

70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118
Size

726KB
Sample

240525-cc7pnsaf3w
MD5

70814c3d05ff00b7cce5328c19b8c1d6
SHA1

13b503ee98876554f191a710ccf6c0d37d75daca
SHA256

6dc66741b8e6b8e338c1abd40209191805b169a808df5ee565623ae926b38521
SHA512

7ce5250a46b882d78fba0218d46c794e64dc3673520a54858d244537a116128be7146b3db4bf749c13c2664fc8e2edf8c600faa127e01582c3a52c1045f9a8ab
SSDEEP

12288:3YdNctvsfu2LVBfKf057C9lRt3i5olGJssozsghz:odNikfu2hBfK8ilRty5olGJsseN

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  70814c3d05ff00b7cce5328c19b8c1d6_JaffaCakes118
- Size
  
  726KB
- MD5
  
  70814c3d05ff00b7cce5328c19b8c1d6
- SHA1
  
  13b503ee98876554f191a710ccf6c0d37d75daca
- SHA256
  
  6dc66741b8e6b8e338c1abd40209191805b169a808df5ee565623ae926b38521
- SHA512
  
  7ce5250a46b882d78fba0218d46c794e64dc3673520a54858d244537a116128be7146b3db4bf749c13c2664fc8e2edf8c600faa127e01582c3a52c1045f9a8ab
- SSDEEP
  
  12288:3YdNctvsfu2LVBfKf057C9lRt3i5olGJssozsghz:odNikfu2hBfK8ilRty5olGJsseN
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan