ammyyadmin | 5c45a30fa57a53d73239dc64dbe8e9abcaaa29e95c37e66b91cab7fa002888ec | Triage

Sharing

General

Target

2fa3823f28a02e5910abc38aa65cb63a_JaffaCakes118
Size

718KB
Sample

241009-mqcrkavfre
MD5

2fa3823f28a02e5910abc38aa65cb63a
SHA1

cc7dad8158d13d52b008d17118219426439fdfed
SHA256

5c45a30fa57a53d73239dc64dbe8e9abcaaa29e95c37e66b91cab7fa002888ec
SHA512

f5d716cb14e43762ed115f355fc75efce352b60bbefb37d415e47ca064264ce073430422c1c7f8cccbbaaa58083247dd47b7282e0077e6f9d0e67adff3b0cee6
SSDEEP

12288:qIORj+BrZtiSngkkjvpPF2mpirqd72WtghLTkRpPq1RtlVIt7/4Fe7zsvpZQjhf3:tuA7yWu72/MRc1RtDItD17z0ZQKY

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Malware Config

Targets

- Target
  
  2fa3823f28a02e5910abc38aa65cb63a_JaffaCakes118
- Size
  
  718KB
- MD5
  
  2fa3823f28a02e5910abc38aa65cb63a
- SHA1
  
  cc7dad8158d13d52b008d17118219426439fdfed
- SHA256
  
  5c45a30fa57a53d73239dc64dbe8e9abcaaa29e95c37e66b91cab7fa002888ec
- SHA512
  
  f5d716cb14e43762ed115f355fc75efce352b60bbefb37d415e47ca064264ce073430422c1c7f8cccbbaaa58083247dd47b7282e0077e6f9d0e67adff3b0cee6
- SSDEEP
  
  12288:qIORj+BrZtiSngkkjvpPF2mpirqd72WtghLTkRpPq1RtlVIt7/4Fe7zsvpZQjhf3:tuA7yWu72/MRc1RtDItD17z0ZQKY
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan