ammyyadmin | 83cff801ac8079dac80397faa70de6945d45f233296af3fc920cad7786248eaa | Triage

Sharing

General

Target

8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118
Size

651KB
Sample

240801-2rrdns1ajj
MD5

8209e8a107f543d85a5121c2d6a275d5
SHA1

c317c6da070436bf5b34f953f0ba89a3c447be81
SHA256

83cff801ac8079dac80397faa70de6945d45f233296af3fc920cad7786248eaa
SHA512

c043e692be3a9533b98335c08eb3701ddbb74022569c91213792ac6592fe6ca0fcaebf1138299bb16f9d1636329e9f5d0c85b069cd8b925d7f440d4249bcfc82
SSDEEP

12288:FaAXOKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6wiegC:reK+waI8JRQMEJ2rufRtse9rtv8zlri2

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Malware Config

Targets

- Target
  
  8209e8a107f543d85a5121c2d6a275d5_JaffaCakes118
- Size
  
  651KB
- MD5
  
  8209e8a107f543d85a5121c2d6a275d5
- SHA1
  
  c317c6da070436bf5b34f953f0ba89a3c447be81
- SHA256
  
  83cff801ac8079dac80397faa70de6945d45f233296af3fc920cad7786248eaa
- SHA512
  
  c043e692be3a9533b98335c08eb3701ddbb74022569c91213792ac6592fe6ca0fcaebf1138299bb16f9d1636329e9f5d0c85b069cd8b925d7f440d4249bcfc82
- SSDEEP
  
  12288:FaAXOKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6wiegC:reK+waI8JRQMEJ2rufRtse9rtv8zlri2
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan