General

  • Target

    AA_v31.exe

  • Size

    776KB

  • Sample

    241031-t5z9qssqbq

  • MD5

    4d4c220362f24e0ba72797572e447795

  • SHA1

    9f902124218892aa5d61594fe7a9d524a7e7cc08

  • SHA256

    bc483e6acdf276b57bb87317962c0091bb1421e61fa3306490b5858eabc61320

  • SHA512

    b4eb3a17efc6626c92446387fc41a1f0c616832a8ea9fe5532fb9869590b8b188c97404de6aba566fd25f126238fe6d45f874659bcc003d2092436142008b9ee

  • SSDEEP

    24576:B3YRddOnSok4fx2j2z5kMNbsRtrxc130jvs:+RenlHx2j2zxlkpj0

Malware Config

Targets

    • Target

      AA_v31.exe

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Flawedammyy family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks