IQY File Downloads FlawedAmmyy RAT

VTI SCORE: 100/100

Target:

Windows 7 (SP1, 64-bit), MS Office 2016 (64-bit) | ms_office

Classification:

Trojan, Dropper, Exploit, Downloader

ca0da220f7691059b3174b2de14bd41ddb96bf3f02a2824b2b8c103215c7403c (SHA256)

Sales invoice Z12_01 copy.iqy.iqy

Excel Document

Created at 2018-06-06 09:51:00

Notifications (2/2)

Code overwrite was observed during this analysis. Note that the analysis results may be affected by this modification by the sample.

The overall sleep time of all monitored processes was truncated from "3 minutes, 21 seconds" to "2 seconds" to reveal dormant functionality.

YARA Information

Applied On	Sample Files, Created Files, Modified Files, PCAP File, Process Dumps
Number of YARA matches	0

There are no YARA matches for this sample

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Notifications (2/2)

YARA Information

There are no YARA matches for this sample

Before

After