ammyyadmin | 60797554cc5556d0a2e631d34a599a110b620cfdd2438a049ebe355699f510fa | Triage

Sharing

General

Target

18e6fbf3a7799ead04694742028458de_JaffaCakes118
Size

701KB
Sample

240628-fwxklavhrl
MD5

18e6fbf3a7799ead04694742028458de
SHA1

cc42326f7cd7d68bb4a5f78e6b9807bb1c92d6d5
SHA256

60797554cc5556d0a2e631d34a599a110b620cfdd2438a049ebe355699f510fa
SHA512

48ad9211e79b1e3f35b191a06d1f19f4c32291c598b21f117c8d6f90bd1ca18ab134d35c726405ab63a233c180e708ea23db2a436f052d763457aed476fb2a87
SSDEEP

12288:hqpX2zPf0bvoLsU+FKN0fCskD1RtcnzepMqBCz3gI:cOPMrGL+FKNAe1RtkzepMqBCkI

Score

10^/10

ammyyadmin flawedammyy trojan

Malware Config

Targets

- Target
  
  18e6fbf3a7799ead04694742028458de_JaffaCakes118
- Size
  
  701KB
- MD5
  
  18e6fbf3a7799ead04694742028458de
- SHA1
  
  cc42326f7cd7d68bb4a5f78e6b9807bb1c92d6d5
- SHA256
  
  60797554cc5556d0a2e631d34a599a110b620cfdd2438a049ebe355699f510fa
- SHA512
  
  48ad9211e79b1e3f35b191a06d1f19f4c32291c598b21f117c8d6f90bd1ca18ab134d35c726405ab63a233c180e708ea23db2a436f052d763457aed476fb2a87
- SSDEEP
  
  12288:hqpX2zPf0bvoLsU+FKN0fCskD1RtcnzepMqBCz3gI:cOPMrGL+FKNAe1RtkzepMqBCkI
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan