
FlawedAmmyy

Posted: April 30, 2019

FlawedAmmyy is a Remote Access Trojan that helps a remote attacker gain control over your PC. It is usually installed through the delivery strategies and supporting threats that are typical of the TA505 group of threat actors. Users should respond to infections by disabling their network connectivity, removing FlawedAmmyy with appropriate anti-malware solutions, and being prepared to re-secure credentials such as passwords.

Not So Many Flaws in this RAT

Remote Access Trojans are incredibly versatile, with different threat actors employing them for purposes ranging from state espionage to ransom-based operations. FlawedAmmyy belongs to the profit-motivated side of these campaigns and derives from the code base of the Ammyy Admin freeware. From that starting point, the TA505 threat actors have taken this RAT into the top ten list of the most prolific Black Hat software throughout the world.

Like most TA505 campaigns, FlawedAmmyy's installation typically relies on e-mail attacks that carry misrepresented attachments, such as Word documents with corrupted macros. In some cases, FlawedAmmyy may drop directly from that point, or the threat actors may use an intermediary Trojan downloader such as QuantLoader.

FlawedAmmyy's payload includes features that are highly invasive but also, malware experts stress, traditional for a RAT. After connecting to its C&C over port 443, it grants the attacker Remote Desktop UI control over the system, file-manipulation options such as opening and deleting files, proxying, and even an audio communication channel with the user.

TA505 attacks also can involve distributing other threats besides FlawedAmmyy. A limited subset of the possibilities includes file-locker Trojans like the Globe Imposter Ransomware and banking Trojans like Dridex that hijack bank account interactions and collect their corresponding credentials.

The Best Ways of RAT-Proofing Your Computer

FlawedAmmyy, which gets its name from a debugging string left in some of the earliest-analyzed builds of the Trojan, employs significant technical sophistication to avoid detection by the system's users, including compromising otherwise legitimate processes in memory and using a well-hidden startup routine. However, its installation still depends on a conventional e-mail attack and social engineering strategies that most users should be able to spot. Victims who aren't following best security practices are at the heart of most successful TA505 infections.

Campaigns leveraging FlawedAmmyy generally use highly targeted social engineering tactics tailored to the workers they're attacking. An e-mail may address employees by name or pretend that an attachment is a notification from internal office equipment or a relevant invoice. Anti-malware solutions, when given the chance to scan the download – or the rest of your PC – should identify and delete FlawedAmmyy, although they can't undo any loss of sensitive data that an infection may already have caused.

What's most noteworthy about FlawedAmmyy isn't anything that it can do but the fact that its campaigns have been so persistent and prolific. And, unlike the 'known quantity' payloads of most Trojans, a RAT is an open-ended question, and the limits to what FlawedAmmyy can do are up to the imaginations of TA505.
