General
-
Target
AA_v3.exe
-
Size
782KB
-
Sample
240912-tsnp6stckf
-
MD5
390ddaff20160396e7490b239b4cad9b
-
SHA1
44c10c691fc2639b3436abe8dc25542ff5a73067
-
SHA256
357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570
-
SHA512
fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b
-
SSDEEP
12288:bWJDVSwZtyHFaMhY1SPEKH0OERt4PMsajW0pSEV3fugE:q7FZtoFaiY1SsKpERtMMRy0ptf7E
Behavioral task
behavioral1
Sample
AA_v3.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
AA_v3.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
AA_v3.exe
-
Size
782KB
-
MD5
390ddaff20160396e7490b239b4cad9b
-
SHA1
44c10c691fc2639b3436abe8dc25542ff5a73067
-
SHA256
357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570
-
SHA512
fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b
-
SSDEEP
12288:bWJDVSwZtyHFaMhY1SPEKH0OERt4PMsajW0pSEV3fugE:q7FZtoFaiY1SsKpERtMMRy0ptf7E
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-