General

  • Target

    4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c

  • Size

    306KB

  • Sample

    250212-2wr6rszjcr

  • MD5

    1eef4d3f5b8d2094ffeeb683b81bf514

  • SHA1

    085f744ae5a59616d0ed18e574c379c3731f362f

  • SHA256

    4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c

  • SHA512

    50bf2bb6d028a4785ef2d23bcd965f721326e99581f50fc304f13e2c78386b8d2e97235164686ac95ac2c9789602a358a240f9de4adfaeee3fb7120efe2a868f

  • SSDEEP

    6144:nBu/emAB6ghBUhnV6Gae6zjunPGxnRgXukHu48hBWTntyFy4kog9x1ciqUzkhUyU:8/eBuX61eUc+gO4zkfmKiqUzkeyZm

Targets

    • Target

      AMMYY_Admin.exe

    • Size

      651KB

    • MD5

      b730e7b8f3eebd51dc21d7997313b890

    • SHA1

      57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa

    • SHA256

      e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a

    • SHA512

      05e87e0ac0e6c097cec3e3801c66752f1a69bd3f8b732062b16596fd4e46388e66eb2e4455ede69769dad62cb7a063849cc2199c140c6ba6a498173eaafe051d

    • SSDEEP

      12288:caA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6mi/gQ:AkK+waI8JRQMEJ2rufRtse9rtv8zlBi3

    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • FlawedAmmyy family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence so the payload only runs in targeted regions.

    • Drops file in System32 directory
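When triaging a host against a report like this one, the useful step is to turn the hash bullets into IOCs and compare them against files actually found on disk. The helper below is an added example, not part of the sandbox report: it parses the report's "• Field / value" bullet layout into a dict, sanity-checks that each listed digest has the length and alphabet of the algorithm it claims to be, and reports which algorithms a given file's bytes match. The `REPORT` excerpt is constructed from the values on this page; the file bytes fed to `match_file` are constructed test input, not the sample.

```python
import hashlib
import re

# Constructed excerpt in the report's own bullet layout (values copied from this page).
REPORT = """\
    • Target

      AMMYY_Admin.exe

    • Size

      651KB

    • MD5

      b730e7b8f3eebd51dc21d7997313b890

    • SHA1

      57ef7a2d07f3703f84c1d7ad33e34e550d23a6fa

    • SHA256

      e4a87095c27219afe9c7a3cb01c13de899e201d2340748a5fc446207c8f99b2a
"""

# Hex digest length for each algorithm the report lists.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text):
    """Turn "• Field" bullets followed by a value line into {field_lowercase: value}."""
    fields = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = line.lstrip("• ").strip().lower()
        elif current is not None:
            fields[current] = line
            current = None
    return fields


def validate_hashes(fields):
    """Return the algorithms whose listed value is not a well-formed hex digest."""
    bad = []
    for algo, length in HASH_LENGTHS.items():
        value = fields.get(algo)
        if value is not None and not re.fullmatch(r"[0-9a-fA-F]{%d}" % length, value):
            bad.append(algo)
    return bad


def target_consistent(fields):
    """If the Target field is itself a SHA256 digest (as in the General block), it must equal SHA256."""
    target = fields.get("target", "")
    if re.fullmatch(r"[0-9a-fA-F]{64}", target):
        return target.lower() == fields.get("sha256", "").lower()
    return True  # Target is a filename, nothing to cross-check


def hash_bytes(data):
    """Compute every digest the report uses over the given bytes."""
    return {algo: getattr(hashlib, algo)(data).hexdigest() for algo in HASH_LENGTHS}


def match_file(data, fields):
    """Return the set of algorithms under which `data` matches the report's IOCs."""
    observed = hash_bytes(data)
    return {
        algo
        for algo in HASH_LENGTHS
        if algo in fields and fields[algo].lower() == observed[algo]
    }


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print("parsed:", iocs)
    print("malformed digests:", validate_hashes(iocs))
    # Constructed stand-in for a file pulled from a host; it should not match.
    print("matches:", match_file(b"constructed, not the real sample", iocs))
```

For a real investigation, read each candidate file in binary mode and pass its bytes to `match_file`; a match on any single algorithm is enough to flag the file, and a disagreement between algorithms on the same file means the report's hashes were copied inconsistently and should be re-verified at the source.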

MITRE ATT&CK Enterprise v15
