ammyyadmin | dffb2a4f8f65c2792a4f9cd223e834321a3c95e005c234f1ff0de567340d3935 | Triage

Submit
Reports

Overview

overview

Static

static

dffb2a4f8f...35.exe

windows7-x64

dffb2a4f8f...35.exe

windows10-2004-x64

Sharing

General

Target

dffb2a4f8f65c2792a4f9cd223e834321a3c95e005c234f1ff0de567340d3935
Size

720KB
Sample

250122-mkzdda1rhs
MD5

65b172782afd43866f06256a6f4085a8
SHA1

2867ae70390c9ae7da0e61bf46aecd2955a5dd8f
SHA256

dffb2a4f8f65c2792a4f9cd223e834321a3c95e005c234f1ff0de567340d3935
SHA512

b0a8946f3d3d0bb913137ecb5e0353fabd0bbde4a66a7daf6e8a11f07ed41ed31f737d32e6ce688a0d58a56adb490f03b44b79d6e5c8293457a070dd8735b1ed
SSDEEP

12288:KzJUxbtiiTHRJuEkQO7EwC2ZwFRtAdRXRryd+sq1zkgqPE:K9oNTHRz/O7rT6FRteRXR2IsqzqPE

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

dffb2a4f8f65c2792a4f9cd223e834321a3c95e005c234f1ff0de567340d3935.exe

Resource

win7-20240903-en

flawedammyy discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

dffb2a4f8f65c2792a4f9cd223e834321a3c95e005c234f1ff0de567340d3935.exe

Resource

win10v2004-20241007-en

flawedammyy discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  dffb2a4f8f65c2792a4f9cd223e834321a3c95e005c234f1ff0de567340d3935
- Size
  
  720KB
- MD5
  
  65b172782afd43866f06256a6f4085a8
- SHA1
  
  2867ae70390c9ae7da0e61bf46aecd2955a5dd8f
- SHA256
  
  dffb2a4f8f65c2792a4f9cd223e834321a3c95e005c234f1ff0de567340d3935
- SHA512
  
  b0a8946f3d3d0bb913137ecb5e0353fabd0bbde4a66a7daf6e8a11f07ed41ed31f737d32e6ce688a0d58a56adb490f03b44b79d6e5c8293457a070dd8735b1ed
- SSDEEP
  
  12288:KzJUxbtiiTHRJuEkQO7EwC2ZwFRtAdRXRryd+sq1zkgqPE:K9oNTHRz/O7rT6FRteRXR2IsqzqPE
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Flawedammyy family
  flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan

© 2018-2025

Terms | Privacy