HKTL_AMMYADMN.GA
May 29, 2017
ALIASES: RemoteAdmin.Win32.Ammyy.jsd (KASPERSKY); Remacc.Ammyy (NORTON); Riskware/AMMYADMN (FORTINET)
PLATFORM: Windows
Threat Type: Hacking Tool
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
File Size: 513,248 bytes
File Type: EXE
Initial Samples Received Date: 13 Dec 2015
Arrival Details
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Hacking Tool drops the following files:
- {Directory where the malware is executed}\settings3.bin
- {Directory where the malware is executed}\{malware name}.log
Other Details
This Hacking Tool connects to the following possibly malicious URL:
- http://{BLOCKED}.{BLOCKED}.229.182:443