ammyyadmin | 81612bba0aff6ead3de6eb5c9a74c0d88c94f4c6e35ca15efccfcb221392f7a6 | Triage

Submit
Reports

Overview

overview

Static

static

AA_v3.5.exe

windows7-x64

AA_v3.5.exe

windows10-2004-x64

Sharing

General

Target

AA_v3.5.rar
Size

337KB
Sample

250116-l6nckavqg1
MD5

81eb73c9608b9feb7ce50fd07a0af556
SHA1

1602995e7233d1f2cce9a12e321148aef5458ecb
SHA256

81612bba0aff6ead3de6eb5c9a74c0d88c94f4c6e35ca15efccfcb221392f7a6
SHA512

18fde04ddde4cad6f569a80dce25fc42165fd750836b30645169596611159fded60c1420611105087a948441f5027e9d7c81e39e847ecbabaf8d24ef408bb298
SSDEEP

6144:F6Rw6bn0JTTiTR9W5mkPXSpC4oQFpZ8PJ+cOrifOyXuPPRaxjyTxsZGo5BH:F6R6TuTPW5mk5re8Pz9XuQ6QGoX

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

AA_v3.5.exe

Resource

win7-20240903-en

flawedammyy discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

AA_v3.5.exe

Resource

win10v2004-20241007-en

flawedammyy discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  AA_v3.5.exe
- Size
  
  746KB
- MD5
  
  f8cd52b70a11a1fb3f29c6f89ff971ec
- SHA1
  
  6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
- SHA256
  
  6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
- SHA512
  
  987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe
- SSDEEP
  
  12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Flawedammyy family
  flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan

© 2018-2025

Terms | Privacy