Overview

overview

10

Static

static

10

56a2607d9c...0N.exe

windows7-x64

10

56a2607d9c...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56a2607d9c2dbc6f1d0aa238a617fdb8b57e812c7591082d198e0da06af7d6a0N

  • Size

    755KB

  • Sample

    241102-ttnfsszbpm

  • MD5

    206a9c8f94cc386e8828a667e1b57950

  • SHA1

    3c9731cd31ec8b75962502aaa042bb1f8e51ed2e

  • SHA256

    56a2607d9c2dbc6f1d0aa238a617fdb8b57e812c7591082d198e0da06af7d6a0

  • SHA512

    5172219a65f6e8dbbadf9c833e3aebe498c6b2ed3b90f419b051f6ad47f0ab40a4b67681759caa531669cb774f34cfee993a660e65576233f1db01f3b11b4766

  • SSDEEP

    12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z

Score
10/10
ammyyadminflawedammyydiscoveryrattrojan

Malware Config

Targets

    • Target

      56a2607d9c2dbc6f1d0aa238a617fdb8b57e812c7591082d198e0da06af7d6a0N

    • Size

      755KB

    • MD5

      206a9c8f94cc386e8828a667e1b57950

    • SHA1

      3c9731cd31ec8b75962502aaa042bb1f8e51ed2e

    • SHA256

      56a2607d9c2dbc6f1d0aa238a617fdb8b57e812c7591082d198e0da06af7d6a0

    • SHA512

      5172219a65f6e8dbbadf9c833e3aebe498c6b2ed3b90f419b051f6ad47f0ab40a4b67681759caa531669cb774f34cfee993a660e65576233f1db01f3b11b4766

    • SSDEEP

      12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z

    Score
    10/10
    ammyyadminflawedammyydiscoveryrattrojan

    • Ammyy Admin

      Remote admin tool with various capabilities.

      ratammyyadmin

    • AmmyyAdmin payload

    • Ammyyadmin family

      ammyyadmin

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Flawedammyy family

      flawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks