Overview

overview

10

Static

static

10

AA_v3.5.exe

windows7-x64

10

AA_v3.5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AA_v3.5.exe

  • Size

    751KB

  • Sample

    241031-tff5ka1cqg

  • MD5

    5686a7032e37087f0fd082a04f727aad

  • SHA1

    341fee5256dcc259a3a566ca8f0260eb1e60d730

  • SHA256

    43bba98a64dd96cf0571f3d6dceafdc549cc3767a1beab6fe4a6e1fd3ddd3153

  • SHA512

    0ebd95b20ef54d047fdaec37cfb10e2c39ea9d63fa28d6a6848ec11b34a4c4ec5f7a8a430d81670461203b9e675ac4a32cac3da4a1c471f16e8d003c6dea3345

  • SSDEEP

    12288:oPO1fNZApVuCN7e/yalnM4RtjLDXcbOAS3snvVgbgJ:om1fN6pkCNa/yaq4RtjXcu3sSEJ

Score
10/10
ammyyadminflawedammyydiscoverytrojan

Malware Config

Targets

    • Target

      AA_v3.5.exe

    • Size

      751KB

    • MD5

      5686a7032e37087f0fd082a04f727aad

    • SHA1

      341fee5256dcc259a3a566ca8f0260eb1e60d730

    • SHA256

      43bba98a64dd96cf0571f3d6dceafdc549cc3767a1beab6fe4a6e1fd3ddd3153

    • SHA512

      0ebd95b20ef54d047fdaec37cfb10e2c39ea9d63fa28d6a6848ec11b34a4c4ec5f7a8a430d81670461203b9e675ac4a32cac3da4a1c471f16e8d003c6dea3345

    • SSDEEP

      12288:oPO1fNZApVuCN7e/yalnM4RtjLDXcbOAS3snvVgbgJ:om1fN6pkCNa/yaq4RtjXcu3sSEJ

    Score
    10/10
    flawedammyydiscoverytrojan

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Flawedammyy family

      flawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks