ammyyadmin | ce53586b70d395f8b3a56a6afc23bed0296e2aa53914fd2e4f229c4dac9ac9c9 | Triage

Submit
Reports

Overview

overview

Static

static

b2d7dd7195...18.exe

windows7-x64

b2d7dd7195...18.exe

windows10-2004-x64

Sharing

General

Target

b2d7dd7195b34c26e5faf1fcf10b653e_JaffaCakes118
Size

748KB
Sample

240616-lp4m8asdnk
MD5

b2d7dd7195b34c26e5faf1fcf10b653e
SHA1

c17ad78a2ae96ad1c04d4d853f2614ecb9966729
SHA256

ce53586b70d395f8b3a56a6afc23bed0296e2aa53914fd2e4f229c4dac9ac9c9
SHA512

f55f9bad73f919d55562037004bdad9b550fe90fcafb71faffd65a1dc58ab49116801b4fe1f5e648e8ea9a983cfde1ffe31ee46258460cbeb46ed9b9a1ef7ad9
SSDEEP

12288:/VFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVVigG:PUEUUw9RaTNicBrPFRtJ1iVTsCfG

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b2d7dd7195b34c26e5faf1fcf10b653e_JaffaCakes118.exe

Resource

win7-20240611-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2d7dd7195b34c26e5faf1fcf10b653e_JaffaCakes118.exe

Resource

win10v2004-20240611-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b2d7dd7195b34c26e5faf1fcf10b653e_JaffaCakes118
- Size
  
  748KB
- MD5
  
  b2d7dd7195b34c26e5faf1fcf10b653e
- SHA1
  
  c17ad78a2ae96ad1c04d4d853f2614ecb9966729
- SHA256
  
  ce53586b70d395f8b3a56a6afc23bed0296e2aa53914fd2e4f229c4dac9ac9c9
- SHA512
  
  f55f9bad73f919d55562037004bdad9b550fe90fcafb71faffd65a1dc58ab49116801b4fe1f5e648e8ea9a983cfde1ffe31ee46258460cbeb46ed9b9a1ef7ad9
- SSDEEP
  
  12288:/VFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVVigG:PUEUUw9RaTNicBrPFRtJ1iVTsCfG
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy