ammyyadmin | 5767921da620f5755d8ebb63c78fa3c2806003eede39253806813724e62f632a | Triage

Sharing

General

Target

JaffaCakes118_2104f66da494fb2cac8d654f02cd85d7
Size

709KB
Sample

250124-nrm5cswphx
MD5

2104f66da494fb2cac8d654f02cd85d7
SHA1

98e44b9c65c15384da664d1b548e408b486e47bc
SHA256

5767921da620f5755d8ebb63c78fa3c2806003eede39253806813724e62f632a
SHA512

24cebfda8f1b90bc542f19d3c0ae8e7b51771c4e7e5b2fd2560dec1866b74f1172d85a6dbbf809a5f5bb9ecbac6a25db3477e8eec2fdb2d5f55fe4470b1555dc
SSDEEP

12288:J/VanOH+kAX8CrJpc4+9djmLfN971Rtc3MmylZDaehlJgJ:faOH+kbCr/c4+9hm7r1Rt4MmylZDV6J

Score

10^/10

ammyyadmin flawedammyy discovery trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_2104f66da494fb2cac8d654f02cd85d7
- Size
  
  709KB
- MD5
  
  2104f66da494fb2cac8d654f02cd85d7
- SHA1
  
  98e44b9c65c15384da664d1b548e408b486e47bc
- SHA256
  
  5767921da620f5755d8ebb63c78fa3c2806003eede39253806813724e62f632a
- SHA512
  
  24cebfda8f1b90bc542f19d3c0ae8e7b51771c4e7e5b2fd2560dec1866b74f1172d85a6dbbf809a5f5bb9ecbac6a25db3477e8eec2fdb2d5f55fe4470b1555dc
- SSDEEP
  
  12288:J/VanOH+kAX8CrJpc4+9djmLfN971Rtc3MmylZDaehlJgJ:faOH+kbCr/c4+9hm7r1Rt4MmylZDV6J
Score

10^/10

flawedammyy discovery trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Flawedammyy family
  flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyydiscoverytrojan

behavioral2

flawedammyydiscoverytrojan