ammyyadmin | 2a7646bb36e0dde61f701dc12445d281bd4600dd64de349d25b8b86f62dd32cc | Triage

Sharing

General

Target

a4a14a930f42306c3fcb47d1f697bcca_JaffaCakes118
Size

390KB
Sample

241126-2789es1nar
MD5

a4a14a930f42306c3fcb47d1f697bcca
SHA1

83908bd90660034369227208376f8511ed6a574c
SHA256

2a7646bb36e0dde61f701dc12445d281bd4600dd64de349d25b8b86f62dd32cc
SHA512

f327a781f1c6058e649bbe30ab086e8ee4c4394efec8659fc74be9d07d400ef80181745865827dcdae5671bd2912fa7d307969cd66aef023acc83c248747fac2
SSDEEP

12288:CITBQefLgFPef7C2hzhTlJl9cA90D40cZ:PTue8FPef7CGF8A90IZ

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Malware Config

Targets

- Target
  
  AA_v3.exe
- Size
  
  774KB
- MD5
  
  79910ca3e3418acca4fa2f2e16bac1a3
- SHA1
  
  e2619c3d2580aa37c579835fdd3c5efee3f22412
- SHA256
  
  7aeab9459e2a833d56e474a23ab56bc66645a89ff8ef175050d8b0bed74d090e
- SHA512
  
  0e5ae373f2c1f9c8ba03338c2b5c520c6c1b1fa6ad38bcfa52f926634e1f65fac1cbd50af96c6e4d873424c38a1dd4c985d5fdc5de12a5827c76852340bffb5a
- SSDEEP
  
  12288:/Xe1Z2fJipMHEgSeA6M7kmchJGvRuORtcE9qTpy+Yg0HkV+QgM:ftkmHEgSewkmchJGsORtn9qT8+Yg03FM
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Flawedammyy family
  flawedammyy
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan