ammyyadmin | 6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20 | Triage

Sharing

General

Target

AA_v3.5.exe
Size

746KB
Sample

241016-tykwgazaja
MD5

f8cd52b70a11a1fb3f29c6f89ff971ec
SHA1

6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
SHA256

6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
SHA512

987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe
SSDEEP

12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Malware Config

Targets

- Target
  
  AA_v3.5.exe
- Size
  
  746KB
- MD5
  
  f8cd52b70a11a1fb3f29c6f89ff971ec
- SHA1
  
  6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
- SHA256
  
  6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
- SHA512
  
  987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe
- SSDEEP
  
  12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan