FlawedAmmyy

Description

(Proofpoint) Ammyy Admin is a popular remote access tool used by businesses and consumers to handle remote control and diagnostics on Microsoft Windows machines. However, leaked source code for Version 3 of Ammyy Admin has emerged as a Remote Access Trojan called FlawedAmmyy appearing in a variety of malicious campaigns. For infected individuals, this means that attackers potentially have complete access to their PCs, giving threat actors the ability to access a variety of services, steal files and credentials, and much more. We have seen FlawedAmmyy in both massive campaigns, potentially creating a large base of compromised computers, as well as targeted campaigns that create opportunities for actors to steal customer data, proprietary information, and more.

Names

Name
FlawedAmmyy
AmmyyRAT

Category

Malware

Type

• Backdoor
• Info stealer
• Credential stealer
• Exfiltration

Information

• https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware
• https://www.sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930
• https://secrary.com/ReversingMalware/AMMY_RAT_Downloader/
• https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat
• https://github.com/Coldzer0/Ammyy-v3

Mitre Attack

• https://attack.mitre.org/software/S0381/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.flawedammyy

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:flawedammyy

Other Information

Uuid

12a4f267-6f13-4033-a9c9-f797fb2ebd45

Last Card Change

2020-05-13