ammyyadmin | ba992179336a255b6274e8f7372f741a85305da0b1ee4ce1e5e73d5f3d57e181 | Triage

Submit
Reports

Overview

overview

Static

static

128bc5d4a3...18.exe

windows7-x64

128bc5d4a3...18.exe

windows10-2004-x64

Sharing

General

Target

128bc5d4a3e25fea59fa6c3f04949257_JaffaCakes118
Size

696KB
Sample

240626-tbxlrathql
MD5

128bc5d4a3e25fea59fa6c3f04949257
SHA1

ad8cea9f27161437365dfba43055fdafcd198268
SHA256

ba992179336a255b6274e8f7372f741a85305da0b1ee4ce1e5e73d5f3d57e181
SHA512

4a544431f298f6d6da4dfbf421fdb05ae308f2bc08c8ba421c2f1e42fce1f67ea1217f3c9eaaa0698ec68b9fbcf29f508e99a3d60c0c9e0b51791edbbb09aaa6
SSDEEP

12288:qqpX2zPf0bvoLsU+FKN0fCskD1RtcnzepMqBCzIgB:TOPMrGL+FKNAe1RtkzepMqBCJB

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

128bc5d4a3e25fea59fa6c3f04949257_JaffaCakes118.exe

Resource

win7-20240611-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

128bc5d4a3e25fea59fa6c3f04949257_JaffaCakes118.exe

Resource

win10v2004-20240611-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  128bc5d4a3e25fea59fa6c3f04949257_JaffaCakes118
- Size
  
  696KB
- MD5
  
  128bc5d4a3e25fea59fa6c3f04949257
- SHA1
  
  ad8cea9f27161437365dfba43055fdafcd198268
- SHA256
  
  ba992179336a255b6274e8f7372f741a85305da0b1ee4ce1e5e73d5f3d57e181
- SHA512
  
  4a544431f298f6d6da4dfbf421fdb05ae308f2bc08c8ba421c2f1e42fce1f67ea1217f3c9eaaa0698ec68b9fbcf29f508e99a3d60c0c9e0b51791edbbb09aaa6
- SSDEEP
  
  12288:qqpX2zPf0bvoLsU+FKN0fCskD1RtcnzepMqBCzIgB:TOPMrGL+FKNAe1RtkzepMqBCJB
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy