General
-
Target
MDE_File_Sample_050b7eba825412b24e3f02d76d7da5ae97e10502.zip
-
Size
424KB
-
Sample
250115-sbyndaxmfp
-
MD5
33b8e032a8e8a2336d3ac91916acdb85
-
SHA1
682ac5bfbe01633854670e2dba5cd1c108c40b7b
-
SHA256
23da52f1f639e19c4fd6494c8858efbb75321b2424e1a162f9146607102d6482
-
SHA512
d69b82993405571ca8aa89c3bb054c89ee5b6af26fd1b489dd2f8df43e561b91dc2d978ee6ca3923f53f8dc70419f11d617b7f2d0d50003aeb18d663270b0c1c
-
SSDEEP
6144:DHZe8QrJS/sVebaJS3TJI1UCfygv7TEfuJaR+weHpCMvwyQZ/aIJ66PueapTU4e9:Dgrro/dOJS31GouzIc6Vaq5
Malware Config
Targets
-
-
Target
MDE_File_Sample_050b7eba825412b24e3f02d76d7da5ae97e10502.zip
-
Size
424KB
-
MD5
33b8e032a8e8a2336d3ac91916acdb85
-
SHA1
682ac5bfbe01633854670e2dba5cd1c108c40b7b
-
SHA256
23da52f1f639e19c4fd6494c8858efbb75321b2424e1a162f9146607102d6482
-
SHA512
d69b82993405571ca8aa89c3bb054c89ee5b6af26fd1b489dd2f8df43e561b91dc2d978ee6ca3923f53f8dc70419f11d617b7f2d0d50003aeb18d663270b0c1c
-
SSDEEP
6144:DHZe8QrJS/sVebaJS3TJI1UCfygv7TEfuJaR+weHpCMvwyQZ/aIJ66PueapTU4e9:Dgrro/dOJS31GouzIc6Vaq5
Score10/10-
Ammyy Admin
Remote admin tool with various capabilities.
-
AmmyyAdmin payload
-
Ammyyadmin family
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-