General
-
Target
4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c
-
Size
306KB
-
Sample
250212-2wr6rszjcr
-
MD5
1eef4d3f5b8d2094ffeeb683b81bf514
-
SHA1
085f744ae5a59616d0ed18e574c379c3731f362f
-
SHA256
4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c
-
SHA512
50bf2bb6d028a4785ef2d23bcd965f721326e99581f50fc304f13e2c78386b8d2e97235164686ac95ac2c9789602a358a240f9de4adfaeee3fb7120efe2a868f
-
SSDEEP
6144:nBu/emAB6ghBUhnV6Gae6zjunPGxnRgXukHu48hBWTntyFy4kog9x1ciqUzkhUyU:8/eBuX61eUc+gO4zkfmKiqUzkeyZm
Malware Config
Targets
-
-
Target
AMMYY_Admin.exe
-
Size
651KB
-
MD5
b730e7b8f3eebd51dc21d7997313b890
-
SHA1
57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa
-
SHA256
e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a
-
SHA512
05e87e0ac0e6c097cec3e3801c66752f1a69bd3f8b732062b16596fd4e46388e66eb2e4455ede69769dad62cb7a063849cc2199c140c6ba6a498173eaafe051d
-
SSDEEP
12288:caA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6mi/gQ:AkK+waI8JRQMEJ2rufRtse9rtv8zlBi3
Score10/10-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1