ammyyadmin | 432b8efe51e51b684307ef832bde5a3620aefad51d5ec33a561a5eb3cf5569c5 | Triage

Submit
Reports

Overview

overview

Static

static

644458de4a...18.exe

windows7-x64

644458de4a...18.exe

windows10-2004-x64

Sharing

General

Target

644458de4a05f93d6d55e5e896926036_JaffaCakes118
Size

705KB
Sample

240722-wx8x1szhja
MD5

644458de4a05f93d6d55e5e896926036
SHA1

0cd0d998db4fe3f37458ac69aeb0e19783d3166d
SHA256

432b8efe51e51b684307ef832bde5a3620aefad51d5ec33a561a5eb3cf5569c5
SHA512

4d1014c13538b2d05788e4c50421790e3c5e0d2c3a43262145c45b83e74f4e8fecdcfc050ad6ae06a1a762df5f267d654a1b8990676291327cfcfafee9b656f9
SSDEEP

12288:Rhjun1eaHjs7C8la0n9lp9Dkb1RtgA93ykM+TZtC3lgk:vqeOs7C840n9lpG1Rtb93IKZtfk

Score

10^/10

ammyyadmin flawedammyy rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

644458de4a05f93d6d55e5e896926036_JaffaCakes118.exe

Resource

win7-20240704-en

ammyyadmin flawedammyy rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

644458de4a05f93d6d55e5e896926036_JaffaCakes118.exe

Resource

win10v2004-20240709-en

ammyyadmin flawedammyy rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  644458de4a05f93d6d55e5e896926036_JaffaCakes118
- Size
  
  705KB
- MD5
  
  644458de4a05f93d6d55e5e896926036
- SHA1
  
  0cd0d998db4fe3f37458ac69aeb0e19783d3166d
- SHA256
  
  432b8efe51e51b684307ef832bde5a3620aefad51d5ec33a561a5eb3cf5569c5
- SHA512
  
  4d1014c13538b2d05788e4c50421790e3c5e0d2c3a43262145c45b83e74f4e8fecdcfc050ad6ae06a1a762df5f267d654a1b8990676291327cfcfafee9b656f9
- SSDEEP
  
  12288:Rhjun1eaHjs7C8la0n9lp9Dkb1RtgA93ykM+TZtC3lgk:vqeOs7C840n9lpG1Rtb93IKZtfk
Score

10^/10

ammyyadmin flawedammyy rat trojan
- Ammyy Admin
  Remote admin tool with various capabilities.
  rat ammyyadmin
- AmmyyAdmin payload
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ammyyadminflawedammyyrattrojan

behavioral2

ammyyadminflawedammyyrattrojan

© 2018-2024

Terms | Privacy