Overview

overview

10

Static

static

10

47a1a965b8...f1.exe

windows7-x64

10

47a1a965b8...f1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47a1a965b80da9561f8433e31fddb685fe510c9ebab417097acd06cfbb3fc9f1.exe

  • Size

    720KB

  • Sample

    250121-mvk9hazkes

  • MD5

    9643383165c87cb7bc975d850efcb93c

  • SHA1

    dce852125b8853660733b3453e70a79dd3aaf371

  • SHA256

    47a1a965b80da9561f8433e31fddb685fe510c9ebab417097acd06cfbb3fc9f1

  • SHA512

    881603ea36e781c373399b6dc8b994af72744e7dcaaee40e5ded70829468b7c925e77ca7f2cb157ea56a981be4d91055af600f242f8fcf5cfc9f3123c163b5ea

  • SSDEEP

    12288:tYdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzago:edNikfu2hBfK8ilRty5olGJsxNo

Score
10/10
ammyyadminflawedammyydiscoveryrattrojan

Malware Config

Targets

    • Target

      47a1a965b80da9561f8433e31fddb685fe510c9ebab417097acd06cfbb3fc9f1.exe

    • Size

      720KB

    • MD5

      9643383165c87cb7bc975d850efcb93c

    • SHA1

      dce852125b8853660733b3453e70a79dd3aaf371

    • SHA256

      47a1a965b80da9561f8433e31fddb685fe510c9ebab417097acd06cfbb3fc9f1

    • SHA512

      881603ea36e781c373399b6dc8b994af72744e7dcaaee40e5ded70829468b7c925e77ca7f2cb157ea56a981be4d91055af600f242f8fcf5cfc9f3123c163b5ea

    • SSDEEP

      12288:tYdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzago:edNikfu2hBfK8ilRty5olGJsxNo

    Score
    10/10
    ammyyadminflawedammyydiscoveryrattrojan

    • Ammyy Admin

      Remote admin tool with various capabilities.

      ratammyyadmin

    • AmmyyAdmin payload

    • Ammyyadmin family

      ammyyadmin

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

      trojanflawedammyy

    • Flawedammyy family

      flawedammyy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks