ammyyadmin | a9d30e9467e19dfb0dac7a925809b5c52c686977392ef45c9939022c5ff8c8b9 | Triage

Submit
Reports

Overview

overview

Static

static

ae1609bbc9...18.exe

windows7-x64

ae1609bbc9...18.exe

windows10-2004-x64

Sharing

General

Target

ae1609bbc9632bc4c049412c34ce100a_JaffaCakes118
Size

716KB
Sample

241129-a5r4kswqgx
MD5

ae1609bbc9632bc4c049412c34ce100a
SHA1

9fda0f6140e77b1479ee9829190ff7ecf021601c
SHA256

a9d30e9467e19dfb0dac7a925809b5c52c686977392ef45c9939022c5ff8c8b9
SHA512

2100a62c0d10da4d2fc9944f2930edd2d13e751457f4bc4736a8b3c199b6a4f359242a011863a42fa6a5c61e95441bb3855b986f56d28963dbcc70c822ec06d8
SSDEEP

12288:u2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hlgN:uSIp2Ydd6SVcpz1RtXpGadsbSeN

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ae1609bbc9632bc4c049412c34ce100a_JaffaCakes118.exe

Resource

win7-20240903-en

flawedammyy discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae1609bbc9632bc4c049412c34ce100a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

flawedammyy discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  ae1609bbc9632bc4c049412c34ce100a_JaffaCakes118
- Size
  
  716KB
- MD5
  
  ae1609bbc9632bc4c049412c34ce100a
- SHA1
  
  9fda0f6140e77b1479ee9829190ff7ecf021601c
- SHA256
  
  a9d30e9467e19dfb0dac7a925809b5c52c686977392ef45c9939022c5ff8c8b9
- SHA512
  
  2100a62c0d10da4d2fc9944f2930edd2d13e751457f4bc4736a8b3c199b6a4f359242a011863a42fa6a5c61e95441bb3855b986f56d28963dbcc70c822ec06d8
- SSDEEP
  
  12288:u2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hlgN:uSIp2Ydd6SVcpz1RtXpGadsbSeN
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Flawedammyy family
  flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan

© 2018-2024

Terms | Privacy