ammyyadmin | 172ccd7a05670e06f4dfe6573418b4e1377cf3a7cd1e02a6f69030c9e37f17a6

General

Target

172ccd7a05670e06f4dfe6573418b4e1377cf3a7cd1e02a6f69030c9e37f17a6N.exe
Size

720KB
Sample

250120-jec2eaylew
MD5

0b2f70657111edc438cedbf6f329b750
SHA1

5b003bc40778186bbe298ddc51fe39648ec27068
SHA256

172ccd7a05670e06f4dfe6573418b4e1377cf3a7cd1e02a6f69030c9e37f17a6
SHA512

03dc71e0811c0cafb07be20382e0f5f2fefa145ce8a426bda5f2fc76b6097605cd03ba1ef4aba4a43dddeb2b04fafc4f69b38f38b71f8876748a2f876901c5c6
SSDEEP

12288:tYdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzag:edNikfu2hBfK8ilRty5olGJsxN

Score

10^/10

Malware Config

Targets

- Target
  
  172ccd7a05670e06f4dfe6573418b4e1377cf3a7cd1e02a6f69030c9e37f17a6N.exe
- Size
  
  720KB
- MD5
  
  0b2f70657111edc438cedbf6f329b750
- SHA1
  
  5b003bc40778186bbe298ddc51fe39648ec27068
- SHA256
  
  172ccd7a05670e06f4dfe6573418b4e1377cf3a7cd1e02a6f69030c9e37f17a6
- SHA512
  
  03dc71e0811c0cafb07be20382e0f5f2fefa145ce8a426bda5f2fc76b6097605cd03ba1ef4aba4a43dddeb2b04fafc4f69b38f38b71f8876748a2f876901c5c6
- SSDEEP
  
  12288:tYdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzag:edNikfu2hBfK8ilRty5olGJsxN
Score

10^/10

ammyyadmin flawedammyy discovery rat trojan
- Ammyy Admin
  Remote admin tool with various capabilities.
  rat ammyyadmin
- AmmyyAdmin payload
- Ammyyadmin family
  ammyyadmin
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Flawedammyy family
  flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ammyy Admin

AmmyyAdmin payload

Ammyyadmin family

FlawedAmmyy RAT

Flawedammyy family

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2