General

  • Target

    126a57040b5fa867b6b0e851569ad48ecfac90ff547c3fb5f0aee4a6601d08b1N.exe

  • Size

    768KB

  • Sample

    250112-xhxf4strcz

  • MD5

    a93eeb5fc2c4ba7d97d8351fb0cb7190

  • SHA1

    67bfc742acc1c2cf9d9a5f2d0f3b01829388ce44

  • SHA256

    126a57040b5fa867b6b0e851569ad48ecfac90ff547c3fb5f0aee4a6601d08b1

  • SHA512

    1282356db54bc7fc1af2a708d07bf7844544cbcec745111737ac4435c353e8f4b94703abc8bd842f482e1dfbedfdabf9f917f524fa3196d49da43ea367f7556c

  • SSDEEP

    12288:ngby1pKmZmjrWinaxABtyZPyoOOORtfWV5gk3VP0nkVg3gX:Yy1pVmjrWivBtyZPy2ORt+V5ggVP0tQX

Malware Config

Targets

    • Target

      126a57040b5fa867b6b0e851569ad48ecfac90ff547c3fb5f0aee4a6601d08b1N.exe

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Flawedammyy family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks