ammyyadmin | c06772a670fe75743120be30722d985d2e98d8af909b60ba7faaeb0ee9867646 | Triage

Submit
Reports

Overview

overview

Static

static

1e874df2ee...18.exe

windows7-x64

1e874df2ee...18.exe

windows10-2004-x64

Sharing

General

Target

1e874df2ee8682a263ced01f36abc5b5_JaffaCakes118
Size

700KB
Sample

241007-3zmwwsshla
MD5

1e874df2ee8682a263ced01f36abc5b5
SHA1

f105b9eccc8fbc38e550e0b4d39a27ff71c49d70
SHA256

c06772a670fe75743120be30722d985d2e98d8af909b60ba7faaeb0ee9867646
SHA512

3e4e3f557a7adacfefb067bb27d2e3b5a0d1c5300af62a93bfe2729616a5a0f6106cd8057ab6015edbb0a1bb2e7f36b378e93edf57692e0ba853a58d7df13a1b
SSDEEP

12288:lhjun1eaHjs7C8la0n9lp9Dkb1RtgA93ykM+TZtC3igL:zqeOs7C840n9lpG1Rtb93IKZtuL

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1e874df2ee8682a263ced01f36abc5b5_JaffaCakes118.exe

Resource

win7-20240903-en

flawedammyy discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e874df2ee8682a263ced01f36abc5b5_JaffaCakes118.exe

Resource

win10v2004-20241007-en

flawedammyy discovery trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1e874df2ee8682a263ced01f36abc5b5_JaffaCakes118
- Size
  
  700KB
- MD5
  
  1e874df2ee8682a263ced01f36abc5b5
- SHA1
  
  f105b9eccc8fbc38e550e0b4d39a27ff71c49d70
- SHA256
  
  c06772a670fe75743120be30722d985d2e98d8af909b60ba7faaeb0ee9867646
- SHA512
  
  3e4e3f557a7adacfefb067bb27d2e3b5a0d1c5300af62a93bfe2729616a5a0f6106cd8057ab6015edbb0a1bb2e7f36b378e93edf57692e0ba853a58d7df13a1b
- SSDEEP
  
  12288:lhjun1eaHjs7C8la0n9lp9Dkb1RtgA93ykM+TZtC3igL:zqeOs7C840n9lpG1Rtb93IKZtuL
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan

© 2018-2024

Terms | Privacy