ammyyadmin | 2408c9b2932c10af7485c58bafde8c85e202f476bf226e973219554461918efd | Triage

Sharing

General

Target

bac69b8058800984cf42648b4580329d_JaffaCakes118
Size

652KB
Sample

241202-3v4nvayqgt
MD5

bac69b8058800984cf42648b4580329d
SHA1

be5017b00f9e70935b335c8cc98e197829bcce41
SHA256

2408c9b2932c10af7485c58bafde8c85e202f476bf226e973219554461918efd
SHA512

85c3f7c30da74adcd41ba82b1802556043fce2b6d1067424e4848a9c65fcd4e4459b7f8500e1a9ba4df739f9db09a95ac0775426da0ddfa7675ec0ea0f969423
SSDEEP

12288:WaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6IilgB:qkK+waI8JRQMEJ2rufRtse9rtv8zlziA

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Malware Config

Targets

- Target
  
  bac69b8058800984cf42648b4580329d_JaffaCakes118
- Size
  
  652KB
- MD5
  
  bac69b8058800984cf42648b4580329d
- SHA1
  
  be5017b00f9e70935b335c8cc98e197829bcce41
- SHA256
  
  2408c9b2932c10af7485c58bafde8c85e202f476bf226e973219554461918efd
- SHA512
  
  85c3f7c30da74adcd41ba82b1802556043fce2b6d1067424e4848a9c65fcd4e4459b7f8500e1a9ba4df739f9db09a95ac0775426da0ddfa7675ec0ea0f969423
- SSDEEP
  
  12288:WaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6IilgB:qkK+waI8JRQMEJ2rufRtse9rtv8zlziA
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Flawedammyy family
  flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan