ammyyadmin | 21bee7d02188387833f3ad000ee9a7117a1f0bd6f305f826fe1146a6724d06dd | Triage

Submit
Reports

Overview

overview

Static

static

ee7dd8bbd4...0N.exe

windows7-x64

ee7dd8bbd4...0N.exe

windows10-2004-x64

Sharing

General

Target

ee7dd8bbd4defb282eae880577fc6200N.exe
Size

955KB
Sample

240901-31kg6awfjh
MD5

ee7dd8bbd4defb282eae880577fc6200
SHA1

52269570cfa0efa466c9505b7f5538c8412cde70
SHA256

21bee7d02188387833f3ad000ee9a7117a1f0bd6f305f826fe1146a6724d06dd
SHA512

063a7bb45eda2c8e802107dc2c647a19b96733f645bc8da392ff2dc5fb9e4a514ca2f23a6a92c35e9b317de8a7a60429910baf9ce6569f0f9ea8179deaf20458
SSDEEP

24576:rMjPJ5g9KVGrdNikfu2hBfK8ilRty5olGJsx7:mJ5gEKNikf3hBfUiWx7

Score

10^/10

ammyyadmin discovery rat upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

ee7dd8bbd4defb282eae880577fc6200N.exe

Resource

win7-20240705-en

ammyyadmin discovery rat upx

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

ee7dd8bbd4defb282eae880577fc6200N.exe

Resource

win10v2004-20240802-en

ammyyadmin discovery rat upx

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Targets

- Target
  
  ee7dd8bbd4defb282eae880577fc6200N.exe
- Size
  
  955KB
- MD5
  
  ee7dd8bbd4defb282eae880577fc6200
- SHA1
  
  52269570cfa0efa466c9505b7f5538c8412cde70
- SHA256
  
  21bee7d02188387833f3ad000ee9a7117a1f0bd6f305f826fe1146a6724d06dd
- SHA512
  
  063a7bb45eda2c8e802107dc2c647a19b96733f645bc8da392ff2dc5fb9e4a514ca2f23a6a92c35e9b317de8a7a60429910baf9ce6569f0f9ea8179deaf20458
- SSDEEP
  
  24576:rMjPJ5g9KVGrdNikfu2hBfK8ilRty5olGJsx7:mJ5gEKNikf3hBfUiWx7
Score

10^/10

ammyyadmin discovery rat upx
- Ammyy Admin
  Remote admin tool with various capabilities.
  rat ammyyadmin
- AmmyyAdmin payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ammyyadmindiscoveryratupx

behavioral2

ammyyadmindiscoveryratupx

© 2018-2024

Terms | Privacy