Overview

overview

10

Static

static

10

0650de7f9d...63.exe

windows7-x64

10

0650de7f9d...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0650de7f9dcb04f405921fe352a1076b70eea701423806badf1f647e5c88ee63

  • Size

    762KB

  • Sample

    241224-x1s7eavmfm

  • MD5

    b30ee6928ef5b59be30b5c9f30bb7b9b

  • SHA1

    392aa83957e187bee39933f11c6adccf9dc25cb6

  • SHA256

    0650de7f9dcb04f405921fe352a1076b70eea701423806badf1f647e5c88ee63

  • SHA512

    7caa832684a24302a6a84304a4c866d4b918205394734257473966c3811ae71f5fce3f7b3548f27180a684d2c5d40958e05cfcc89a11413e5e04530d7f3e3d16

  • SSDEEP

    12288:jX5PFc+E0SlpOvcC1KL/q/IZVURtCdshX5x8jR31QEY0VEoge:dP++ZSlpOUC1KT4+URtYshX5aRlQEYte

Score
10/10
ammyyadminflawedammyydiscoveryrattrojan

Malware Config

Targets

    • Target

      0650de7f9dcb04f405921fe352a1076b70eea701423806badf1f647e5c88ee63

    • Size

      762KB

    • MD5

      b30ee6928ef5b59be30b5c9f30bb7b9b

    • SHA1

      392aa83957e187bee39933f11c6adccf9dc25cb6

    • SHA256

      0650de7f9dcb04f405921fe352a1076b70eea701423806badf1f647e5c88ee63

    • SHA512

      7caa832684a24302a6a84304a4c866d4b918205394734257473966c3811ae71f5fce3f7b3548f27180a684d2c5d40958e05cfcc89a11413e5e04530d7f3e3d16

    • SSDEEP

      12288:jX5PFc+E0SlpOvcC1KL/q/IZVURtCdshX5x8jR31QEY0VEoge:dP++ZSlpOUC1KT4+URtYshX5aRlQEYte

    Score
    10/10
    ammyyadminflawedammyydiscoveryrattrojan

    • Ammyy Admin

      Remote admin tool with various capabilities.

      ratammyyadmin

    • AmmyyAdmin payload

    • Ammyyadmin family

      ammyyadmin

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Flawedammyy family

      flawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks