Severity
Medium
Analysis Summary
FlawedAmmyy RAT (also written Flawed Ammyy RAT) has resurfaced, distributing malicious URLs through a phishing campaign.
Indicators of Compromise
| Indicator type | Value |
| --- | --- |
| URL | 31.41.47[.]190/rol3 |
| URL | 31.41.47[.]190/s.dat |
| Email address | star019[@]starbucks.com[.]br |
| Email address | leninsky[@]sub.omsk[.]ru |
| Email address | rvmikrut[@]hbci[.]com |
| Email address | mstrauss[@]hbci[.]com |

Malware hashes (one sample per row):

| MD5 | SHA1 | SHA256 |
| --- | --- | --- |
| df582efa2a459ea7d642e86d15023d55 | 88b7bb3f47d9193896ec75f8b557bf7b835238ee | 2d0e9cf96f94fd5e4816dd7e1b88785840fc8c50f9f00ae6f5c047c5bd5597b5 |
| ffdcf4497b09d7275ec38b1a343e7923 | cfc6a691af8cb3895a2186cee22f9e905e73dbb3 | ab3ec8ff190c23dc43115c4c3857636f1f4a2611f7b77b8d6c5f982509f3c7c3 |
| 3b4fc4ec011a947c69b9e48a3e306d48 | 8002b9e03e91b42612f20dcbee843f5dc2994413 | d864fa83a75edf68d81baea5a40a143096c1db5237cc6db807601eaa9e4e6d22 |
| 8d4a57c8a9e07a8171aa1631d00bf4f3 | 2d94111ccc3a93323820b79b372dd6543c40649d | 56032e3fac09d2f21ca8460fb4799973bfa55ef0881ab5242855651d37d09ff6 |
| 496538ca26cb7b9bb4791abd9919d9e7 | b01fd1cf6cd38d9670d024a2643f89be165210a3 | 4425fec38db7503a3cb1a1be48d14881a18a00ccef7a975a0d64fba1191d8b09 |
Remediation
- Block the threat indicators above at your respective controls (proxy/firewall for the URLs and host, mail gateway for the sender addresses, EDR/AV for the file hashes)
- Never click on links or attachments sent by unknown senders
- Always treat emails from unknown senders with suspicion
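The first remediation step means turning the published indicators into something your controls can match. The script below is an added example, not part of the advisory: it refangs the indicators exactly as listed above and checks them against proxy logs, mail logs and a file-hash inventory. The log lines and file hashes it scans are constructed sample input (the `10.0.0.x` clients, `example.com`, and the `C:\Users\alice\...` path are made up for the demonstration); only the indicator values come from the advisory.

```python
import re
from typing import Dict, List, Tuple

# Indicators copied from the advisory above, kept defanged as published.
ADVISORY_URLS = ["31.41.47[.]190/rol3", "31.41.47[.]190/s.dat"]
ADVISORY_EMAILS = [
    "star019[@]starbucks.com[.]br",
    "leninsky[@]sub.omsk[.]ru",
    "rvmikrut[@]hbci[.]com",
    "mstrauss[@]hbci[.]com",
]
# One (MD5, SHA1, SHA256) triple per sample, as in the hash table above.
ADVISORY_HASHES = [
    ("df582efa2a459ea7d642e86d15023d55", "88b7bb3f47d9193896ec75f8b557bf7b835238ee",
     "2d0e9cf96f94fd5e4816dd7e1b88785840fc8c50f9f00ae6f5c047c5bd5597b5"),
    ("ffdcf4497b09d7275ec38b1a343e7923", "cfc6a691af8cb3895a2186cee22f9e905e73dbb3",
     "ab3ec8ff190c23dc43115c4c3857636f1f4a2611f7b77b8d6c5f982509f3c7c3"),
    ("3b4fc4ec011a947c69b9e48a3e306d48", "8002b9e03e91b42612f20dcbee843f5dc2994413",
     "d864fa83a75edf68d81baea5a40a143096c1db5237cc6db807601eaa9e4e6d22"),
    ("8d4a57c8a9e07a8171aa1631d00bf4f3", "2d94111ccc3a93323820b79b372dd6543c40649d",
     "56032e3fac09d2f21ca8460fb4799973bfa55ef0881ab5242855651d37d09ff6"),
    ("496538ca26cb7b9bb4791abd9919d9e7", "b01fd1cf6cd38d9670d024a2643f89be165210a3",
     "4425fec38db7503a3cb1a1be48d14881a18a00ccef7a975a0d64fba1191d8b09"),
]


def refang(indicator: str) -> str:
    """Undo the [.] / [@] / hxxp defanging so the value matches live telemetry."""
    return (indicator.replace("[.]", ".")
                     .replace("[@]", "@")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


def build_watchlist():
    """Normalised lookup sets: full URLs, their hosts, sender addresses, file hashes."""
    urls = {refang(u) for u in ADVISORY_URLS}
    hosts = {u.split("/", 1)[0] for u in urls}          # block the host, not only two paths
    emails = {refang(e).lower() for e in ADVISORY_EMAILS}
    hashes = {h.lower() for triple in ADVISORY_HASHES for h in triple}
    return urls, hosts, emails, hashes


URL_RE = re.compile(r"https?://([^\s\"']+)", re.IGNORECASE)   # scheme stripped by the group
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+")


def scan_proxy_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """(line_no, matched value, 'url'|'host') for requests to advisory infrastructure."""
    urls, hosts, _, _ = build_watchlist()
    hits = []
    for n, line in enumerate(lines, 1):
        for m in URL_RE.finditer(line):
            target = m.group(1)
            host = target.split("/", 1)[0]
            if target in urls:
                hits.append((n, target, "url"))
            elif host in hosts:            # any other path on the same host is still suspicious
                hits.append((n, host, "host"))
    return hits


def scan_mail_log(lines: List[str]) -> List[Tuple[int, str]]:
    """(line_no, sender) for any address on the advisory's sender list."""
    _, _, emails, _ = build_watchlist()
    hits = []
    for n, line in enumerate(lines, 1):
        for addr in EMAIL_RE.findall(line):
            if addr.lower() in emails:
                hits.append((n, addr.lower()))
    return hits


def scan_file_hashes(observed: Dict[str, str]) -> Dict[str, str]:
    """observed maps path -> hash (MD5, SHA1 or SHA256, any case) from EDR/AV inventory."""
    _, _, _, hashes = build_watchlist()
    return {path: h for path, h in observed.items() if h.lower() in hashes}


# Constructed sample telemetry (Squid-style proxy lines, Postfix-style mail lines, an EDR hash dump).
SAMPLE_PROXY_LOG = [
    "1591000001.101 120 10.0.0.14 TCP_MISS/200 3421 GET http://example.com/index.html - HIER_DIRECT/203.0.113.5 text/html",
    "1591000002.412 310 10.0.0.23 TCP_MISS/200 91024 GET http://31.41.47.190/s.dat - HIER_DIRECT/31.41.47.190 application/octet-stream",
    "1591000003.007 85 10.0.0.23 TCP_MISS/404 512 GET http://31.41.47.190/other - HIER_DIRECT/31.41.47.190 text/html",
]
SAMPLE_MAIL_LOG = [
    "Jun 01 09:12:44 mx1 postfix/smtpd[2231]: 4E9C0: from=<alice@example.org> to=<bob@corp.example> proto=ESMTP",
    "Jun 01 09:13:02 mx1 postfix/smtpd[2231]: 4F2A1: from=<rvmikrut@hbci.com> to=<bob@corp.example> proto=ESMTP",
]
SAMPLE_HASHES = {
    r"C:\Users\alice\Downloads\invoice.exe": "FFDCF4497B09D7275EC38B1A343E7923",  # uppercase MD5 of sample 2
    r"C:\Windows\System32\notepad.exe": "0" * 64,                                 # constructed non-match
}

if __name__ == "__main__":
    print("proxy:", scan_proxy_log(SAMPLE_PROXY_LOG))
    print("mail: ", scan_mail_log(SAMPLE_MAIL_LOG))
    print("files:", scan_file_hashes(SAMPLE_HASHES))
```

Matching on the host as well as the two exact URLs is deliberate: a loader that fetches `rol3` today may fetch a different path tomorrow, and the advisory gives no reason to treat other paths on that host as benign. Hash comparison is case-insensitive because EDR exports, VirusTotal and sandbox reports disagree on hex case.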