Ammyy Admin
Threat Scorecard
Ranking: 364
Threat Level: 10 % (Normal)
Infected Computers: 260,474
First Seen: January 9, 2014
Last Seen: December 2, 2024
OS(es) Affected: Windows
The AMMYY RAT is a Remote Access Trojan that has existed in some form since early 2016. Variants of the AMMYY RAT have been involved in a variety of malware attacks, ranging from sophisticated, high-profile operations to small campaigns. The attacks associated with TA505, the criminals responsible for the AMMYY RAT, have been carried out since at least 2014, and probably earlier.
Recent Attacks Perpetrated by the AMMYY RAT
The most recent attacks involving the AMMYY RAT were spotted in the spring and summer of 2018. These attacks rely on spam email messages with corrupted file attachments that download and install the AMMYY RAT onto the victim's computer. The spam emails use spoofed sender addresses, often spoofing the recipient's own domain to make it seem as if the email comes from within the recipient's own organization (increasing the likelihood that the message will be opened). The subject lines are vague and generic, often involving random digits and a word such as 'Bill,' 'Receipt' or 'Invoice.' Once installed, the AMMYY RAT takes over the victim's computer, making it possible for the criminals to control it from a remote location.
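A mail-triage heuristic for the lure traits described above, as an added example that is not EnigmaSoft's code: it flags a message whose sender claims the recipient's own domain without passing SPF or DKIM, whose subject pairs 'Bill', 'Receipt' or 'Invoice' with a digit run, and which carries an attachment. The `triage` function, the three-digit threshold, the reliance on an `Authentication-Results` header and the sample messages are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Lure word next to a digit run, in either order. Three or more digits is an
# assumed threshold; the page only says "random digits".
LURE_SUBJECT = re.compile(
    r"\b(bill|receipt|invoice)\b.*\d{3,}|\d{3,}.*\b(bill|receipt|invoice)\b", re.I)

def _domain(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the list of lure traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    sender = _domain(msg.get("From", ""))
    rcpt_domains = {a.rpartition("@")[2].lower()
                    for _, a in getaddresses(msg.get_all("To", []))}
    # Assumption: the inbound gateway stamps Authentication-Results (RFC 8601).
    auth = (msg.get("Authentication-Results") or "").lower()
    authenticated = "spf=pass" in auth or "dkim=pass" in auth
    if sender and sender in rcpt_domains and not authenticated:
        hits.append("own-domain sender fails authentication")
    if LURE_SUBJECT.search(msg.get("Subject", "")):
        hits.append("billing word plus digits in subject")
    if any(part.get_filename() for part in msg.walk()):
        hits.append("file attachment")
    return hits

# Constructed sample messages (not real traffic).
_BODY = ('MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b"\n\n'
         '--b\nContent-Type: text/plain\n\nSee attached.\n'
         '--b\nContent-Type: application/octet-stream\n'
         'Content-Disposition: attachment; filename="8841097.doc"\n\n'
         'placeholder\n--b--\n')
SPOOFED = ("From: accounts@example.com\nTo: j.doe@example.com\n"
           "Subject: Invoice 8841097\n"
           "Authentication-Results: mx.example.com; spf=fail\n" + _BODY)
INTERNAL = SPOOFED.replace("spf=fail", "spf=pass")
UNRELATED = ("From: pat@example.org\nTo: j.doe@example.com\n"
             "Subject: Lunch on Friday\n\nNoon?\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("internal", INTERNAL),
                      ("unrelated", UNRELATED)):
        print(name, triage(raw))
```

The substring test on `Authentication-Results` is a simplification; a production filter would also check that the passing SPF or DKIM result is aligned with the `From` domain.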
How the AMMYY RAT Works
Version 3 of Ammyy Admin, the precursor of the AMMYY RAT, was leaked on the Dark Web. Using the source code for this threat, criminals have been able to create threats like the AMMYY RAT to carry out attacks. The AMMYY RAT has several advanced features, which include the following:
- The AMMYY RAT can be used to control the infected computer directly from a remote location.
- The AMMYY RAT can be used to manage the victim's files, carrying out any sort of file operation and collecting data by uploading these files to a remote server.
- The AMMYY RAT has proxy support, which can help criminals use the infected computer as a proxy to carry out other attacks.
- The AMMYY RAT has audio chat capabilities, allowing the criminals to communicate with the victim or spy on the victim using the infected computer's microphone or Webcam.
The Potential of the AMMYY RAT Attacks
AMMYY RAT attacks have the potential to cause quite a bit of damage, and the fact that the AMMYY RAT's source code is now readily available on the Dark Web means that new versions and variants of this threat can be released more frequently. These attacks can have a wide variety of effects, depending on the intent of the criminal. Criminals can use the AMMYY RAT to collect data, spy on victims or harass computer users. The AMMYY RAT can also be used in high-profile attacks to collect proprietary data or for high-end operations. RATs like the AMMYY RAT have another application, which is to install other malware onto the victims' computers. Using RATs like the AMMYY RAT, criminals can install Bitcoin miners, ransomware, adware, or numerous other types of malware, which can be used to monetize the attack in cases where the victim does not have data that is particularly worthwhile for the criminals to collect.
Protecting Your Computer from Threats Like the AMMYY RAT
The best protection against threats like the AMMYY RAT is to have an updated and effective security program, which will protect your computer in real time. Additionally, you should take precautions against spam email messages, because they serve as the main way in which threats like the AMMYY RAT are distributed.
Aliases
3 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
Kaspersky | not-a-virus:RemoteAdmin.Win32.Ammyy.an |
Antiy-AVL | RemoteAdmin/Win32.Ammyy |
AntiVir | SPR/RemoteAdmin.AG |
File System Details
Registry Details
Directories
Ammyy Admin may create the following directory or directories:
- %ALLUSERSPROFILE%\AMMYY
- %ALLUSERSPROFILE%\Anwendungsdaten\AMMYY
- %ALLUSERSPROFILE%\Application Data\AMMYY
- %ALLUSERSPROFILE%\Dados de aplicativos\AMMYY
- %ALLUSERSPROFILE%\Dane aplikacji\AMMYY
- %ALLUSERSPROFILE%\Dati applicazioni\AMMYY
- %ALLUSERSPROFILE%\Datos de programa\AMMYY