ammyyadmin | 52e24fff0caae64471528148c7dbf3d2fbbe85a3aa501a4f13b514d64900ae3f | Triage

Submit
Reports

Overview

overview

Static

static

beeec96909...18.exe

windows7-x64

beeec96909...18.exe

windows10-2004-x64

Sharing

General

Target

beeec969093ab86761889dc3416fde16_JaffaCakes118
Size

748KB
Sample

240824-ta18jsxeme
MD5

beeec969093ab86761889dc3416fde16
SHA1

37347e3ba9ff8b712a988664d6de0a65976de059
SHA256

52e24fff0caae64471528148c7dbf3d2fbbe85a3aa501a4f13b514d64900ae3f
SHA512

645a281ab605dca21a8bf06d75094130311aa6bcf62496755be34dc6747d4a4155464a6c6c9e6550a18a92b615a8c93acb61771dfb4afcd8cad06133f72d2860
SSDEEP

12288:/VFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV/gK:PUEUUw9RaTNicBrPFRtJ1iVTsCIK

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

beeec969093ab86761889dc3416fde16_JaffaCakes118.exe

Resource

win7-20240729-en

flawedammyy discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

beeec969093ab86761889dc3416fde16_JaffaCakes118.exe

Resource

win10v2004-20240802-en

flawedammyy discovery trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  beeec969093ab86761889dc3416fde16_JaffaCakes118
- Size
  
  748KB
- MD5
  
  beeec969093ab86761889dc3416fde16
- SHA1
  
  37347e3ba9ff8b712a988664d6de0a65976de059
- SHA256
  
  52e24fff0caae64471528148c7dbf3d2fbbe85a3aa501a4f13b514d64900ae3f
- SHA512
  
  645a281ab605dca21a8bf06d75094130311aa6bcf62496755be34dc6747d4a4155464a6c6c9e6550a18a92b615a8c93acb61771dfb4afcd8cad06133f72d2860
- SSDEEP
  
  12288:/VFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV/gK:PUEUUw9RaTNicBrPFRtJ1iVTsCIK
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan

© 2018-2024

Terms | Privacy