General

  • Target

    AA_v3.exe

  • Size

    782KB

  • Sample

    240912-tsnp6stckf

  • MD5

    390ddaff20160396e7490b239b4cad9b

  • SHA1

    44c10c691fc2639b3436abe8dc25542ff5a73067

  • SHA256

    357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570

  • SHA512

    fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b

  • SSDEEP

    12288:bWJDVSwZtyHFaMhY1SPEKH0OERt4PMsajW0pSEV3fugE:q7FZtoFaiY1SsKpERtMMRy0ptf7E

Malware Config

Targets

    • Target

      AA_v3.exe

    • Size

      782KB

    • MD5

      390ddaff20160396e7490b239b4cad9b

    • SHA1

      44c10c691fc2639b3436abe8dc25542ff5a73067

    • SHA256

      357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570

    • SHA512

      fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b

    • SSDEEP

      12288:bWJDVSwZtyHFaMhY1SPEKH0OERt4PMsajW0pSEV3fugE:q7FZtoFaiY1SsKpERtMMRy0ptf7E

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks