General

  • Target

    JaffaCakes118_6cd79002148a80635218dcc2da4736f0

  • Size

    335KB

  • Sample

    250103-qb52cayjfr

  • MD5

    6cd79002148a80635218dcc2da4736f0

  • SHA1

    18a4b94f18ac417fbe6f1c78dc990ef3804f4f6f

  • SHA256

    91e4c3aa21da30e0daaf5c918f8e4c9a66ce5aa70bbb8baaf7b9e4ba5faeccaa

  • SHA512

    393c1af5ffa7b0a67b4495c55f78160af4c7d8734de0b5f7e97b51764598b54e2831e6605c8bf0530f7dad940f9c9d0517e5fe73f04b4e826ddc0691c4705b08

  • SSDEEP

    6144:vmmiijDJLbgypC6iWHyF/k6Zqdiu90np4FjNmYOl5QdHDfp4:vmmnJLbJpBokoqku90np45NmYFfp4

Malware Config

Targets

    • Target

      AA_v3.5.exe

    • Size

      751KB

    • MD5

      1fc7c230d6db0d7a0da6f415da271159

    • SHA1

      e0bd10d83bc7b3f1eb628974a8f690ffda6e9351

    • SHA256

      7a836e718b70f586695d1bced9eacfb1aa1b67387b051d0536669754b391fe81

    • SHA512

      96d64cba5bf650066e54bcb84f13aabd1992811963ae2dd3530431e86bbc3230d673545953d35767fbf85f61d86b44170d61200d1ffb4f4945268bfc3a7b1403

    • SSDEEP

      12288:Tc1dZibTD9uOroAgeHvCUt4RtlTc+YNKpQsNvVd1gF:Tcc/DwOrZgeHv54Rt6+YNkQsNmF

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Flawedammyy family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks